
Windows Analysis Report
u233hvgTow.exe

Overview

General Information

Sample name: u233hvgTow.exe (renamed because the original name is a hash value)
Original sample name: c7c60e246f5025ca90622ca0eca8749452bab43e.exe
Analysis ID: 1582805
MD5: 9848b927987f298730db70a89574fdad
SHA1: c7c60e246f5025ca90622ca0eca8749452bab43e
SHA256: 984bfd0f35280b016c3385527d3eec75afe765bb13c67059d1d2aa31673cec04
Tags: exe, user-NDA0E

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • u233hvgTow.exe (PID: 776 cmdline: "C:\Users\user\Desktop\u233hvgTow.exe" MD5: 9848B927987F298730DB70A89574FDAD)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["212.56.41.77:1912"], "Bot Id": "first", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings
u233hvgTow.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
u233hvgTow.exe | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io | (listed below)
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296be:$spe9: *wallet*
    • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
    • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
    • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
    • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
    • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
    • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
    • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
    • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.2240557124.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2348097551.0000000004872000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.u233hvgTow.exe.4929fec.2.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.u233hvgTow.exe.4929fec.2.raw.unpack | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io | (listed below)
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296be:$spe9: *wallet*
    • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
    • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
    • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
    • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
    • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
    • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
    • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
    • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
0.2.u233hvgTow.exe.449c397.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.u233hvgTow.exe.449c397.0.raw.unpack | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io | (listed below)
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296be:$spe9: *wallet*
    • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
    • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
    • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
    • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
    • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
    • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
    • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
    • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
0.2.u233hvgTow.exe.449c397.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
                        No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T15:02:15.339611+0100 | 2043234 | 1 | A Network Trojan was detected | 212.56.41.77 | 1912 | 192.168.2.6 | 49736 | TCP
2024-12-31T15:02:15.219716+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
2024-12-31T15:02:20.399076+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
2024-12-31T15:02:23.614921+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
2024-12-31T15:02:20.546659+0100 | 2046056 | 1 | A Network Trojan was detected | 212.56.41.77 | 1912 | 192.168.2.6 | 49736 | TCP
2024-12-31T15:02:15.219716+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP


                        AV Detection

Source: u233hvgTow.exe | Malware Configuration Extractor: RedLine {"C2 url": ["212.56.41.77:1912"], "Bot Id": "first", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: u233hvgTow.exe | ReversingLabs: Detection: 75%
Source: u233hvgTow.exe | Virustotal: Detection: 73%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: u233hvgTow.exe | Joe Sandbox ML: detected
Source: u233hvgTow.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: u233hvgTow.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\u233hvgTow.exe | Code function: 4x nop then jmp 06B468DBh | 0_2_06B46618
Source: C:\Users\user\Desktop\u233hvgTow.exe | Code function: 4x nop then jmp 06B497D8h | 0_2_06B492E0
Source: C:\Users\user\Desktop\u233hvgTow.exe | Code function: 4x nop then jmp 06B45A5Fh | 0_2_06B45300
Source: C:\Users\user\Desktop\u233hvgTow.exe | Code function: 4x nop then jmp 06B4601Bh | 0_2_06B45D68

                        Networking

Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.6:49736 -> 212.56.41.77:1912
Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.6:49736 -> 212.56.41.77:1912
Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 212.56.41.77:1912 -> 192.168.2.6:49736
Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 212.56.41.77:1912 -> 192.168.2.6:49736
Source: Malware configuration extractor | URLs: 212.56.41.77:1912
Source: global traffic | TCP traffic: 192.168.2.6:49736 -> 212.56.41.77:1912
Source: Joe Sandbox View | ASN Name: KCOM-SPNService-ProviderNetworkex-MistralGB
Source: unknown | TCP traffic detected without corresponding DNS query: 212.56.41.77 (reported 50 times)
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: u233hvgTow.exeString found in binary or memory: https://api.ip.sb/ip
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
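Almost none of the string hits above are network indicators, and reading them one by one hides that. The script below is an added triage example written for this page (not Joe Sandbox's code and not the sample's). It reads report lines in the shape shown above and sorts the URLs into three buckets: WS-*/WCF namespace URIs that the .NET System.ServiceModel stack embeds in every WCF client (schemas.xmlsoap.org, tempuri.org and the tempuri.org/Entity/IdN operation names of the sample's own service contract; RedLine's C2 runs over a WCF channel, so these identify the protocol, not a server to block); Chromium default search-provider URLs, which most plausibly land in the stealer's memory while it reads the victim's browser profile databases and are victim-side data rather than attacker infrastructure; and everything else, which in this report is only https://api.ip.sb/ip, the public-IP lookup the sample performs. It also collapses overrun hits such as Entity/Id1ResponseD or chrome_newtabS (the string scanner ran one byte into the next object in memory) onto the hit they extend, and splits fused hits such as favicon.icohttps://... into their two strings. The bucket names, the host lists, the one-trailing-uppercase-byte overrun heuristic and the reading of the fourth dotted field of the .sdmp name as the region base address are this example's assumptions; the sample lines are constructed to match the report's format and include one line in the fused "sdmpString found" form the extraction produced.

```python
"""Triage of Joe Sandbox "String found in binary or memory" hits (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Accepts both "…sdmp String found…" and the fused "…sdmpString found…" form.
HIT_RE = re.compile(
    r"^Source:\s*(?P<src>.*?)\s*String found in binary or memory:\s*(?P<blob>\S+)\s*$"
)
# Dump names look like 00000000.00000002.2345163141.0000000003376000.(...).sdmp; the fourth
# dotted field is read here as the memory-region base address (assumption about the layout).
DUMP_RE = re.compile(r"(?:[0-9A-Fa-f]+\.){3}(?P<base>[0-9A-Fa-f]{16})(?:\.[0-9A-Fa-f]+)*\.sdmp")

# WS-*/WCF namespace URIs baked into .NET's System.ServiceModel; never contacted on the wire.
FRAMEWORK_HOSTS = {"schemas.xmlsoap.org", "schemas.microsoft.com", "www.w3.org",
                   "docs.oasis-open.org", "tempuri.org"}
# Chromium prepopulated search providers: read from the victim's profile, not attacker infra.
SEARCH_PROVIDER_RE = re.compile(r"(^|\.)(ecosia\.org|duckduckgo\.com|search\.yahoo\.com|google\.com)$")

# Constructed sample lines in the report's format (not the full list from the report).
SAMPLE_LINES = """\
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id1
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id10
Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: u233hvgTow.exeString found in binary or memory: https://api.ip.sb/ip
Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
"""


def parse_hits(lines):
    """Yield (region, url) per hit; a blob like 'a.icohttps://b' is split into two URLs."""
    for line in lines:
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        d = DUMP_RE.search(m["src"])
        region = f"0x{int(d['base'], 16):X}" if d else "file"
        for url in re.split(r"(?=https?://)", m["blob"]):
            if url:
                yield region, url


def collapse_overruns(regions):
    """Merge 'Id1ResponseD' into 'Id1Response': a hit that equals another hit plus one
    trailing uppercase byte is the scanner reading into the next object, not a new URL.
    (Digits are deliberately not treated as overruns so Entity/Id10 stays distinct from Id1.)"""
    for url in sorted(regions, key=len, reverse=True):
        base = url[:-1]
        if url[-1].isupper() and base in regions:
            regions[base] |= regions.pop(url)
    return regions


def classify(url):
    """Bucket a URL by what its presence in a .NET stealer's memory actually tells us."""
    host = urlsplit(url).hostname or ""
    if host in FRAMEWORK_HOSTS:
        return "dotnet_wcf_namespace"
    if SEARCH_PROVIDER_RE.search(host):
        return "browser_search_provider"
    return "investigate"


def triage(lines):
    """Return {bucket: {url: [regions it was seen in]}} for an analyst to read."""
    regions = defaultdict(set)
    for region, url in parse_hits(lines):
        regions[url].add(region)
    buckets = defaultdict(dict)
    for url in sorted(collapse_overruns(regions)):
        buckets[classify(url)][url] = sorted(regions[url])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, urls in triage(SAMPLE_LINES.splitlines()).items():
        print(f"[{bucket}]")
        for url, seen in urls.items():
            print(f"  {url}  <- {', '.join(seen)}")
```

Run against the full URL list of this report, the "investigate" bucket shrinks to a single entry, api.ip.sb, and the region column shows the WS-* strings clustering in the same two heap regions (0x32E1000 and 0x3376000), which is what a WCF client object graph looks like in a memory dump. The bucket for api.ip.sb is worth an egress rule or a proxy search, because the lookup is cheap to spot and precedes the first C2 contact.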

                        System Summary

                        Source: u233hvgTow.exe, type: SAMPLEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.2.u233hvgTow.exe.4929fec.2.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.2.u233hvgTow.exe.449c397.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.2.u233hvgTow.exe.449c397.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.2.u233hvgTow.exe.4929fec.2.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.2.u233hvgTow.exe.4399490.1.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.0.u233hvgTow.exe.ec0000.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: 0.2.u233hvgTow.exe.4399490.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_017EDC740_2_017EDC74
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_057BEE580_2_057BEE58
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_057B88500_2_057B8850
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_057B00400_2_057B0040
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_057B00070_2_057B0007
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_057B88400_2_057B8840
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_057B5A380_2_057B5A38
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B4C2480_2_06B4C248
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B4B0F80_2_06B4B0F8
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B486300_2_06B48630
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B486230_2_06B48623
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B414100_2_06B41410
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B414000_2_06B41400
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B492E00_2_06B492E0
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B453000_2_06B45300
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B470880_2_06B47088
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B440F00_2_06B440F0
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B440E00_2_06B440E0
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B470780_2_06B47078
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B431180_2_06B43118
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B42C600_2_06B42C60
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B45D680_2_06B45D68
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B43B980_2_06B43B98
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B43B8A0_2_06B43B8A
                        Source: C:\Users\user\Desktop\u233hvgTow.exeCode function: 0_2_06B449280_2_06B44928
                        Source: u233hvgTow.exe, 00000000.00000002.2343868284.00000000014DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs u233hvgTow.exe
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs u233hvgTow.exe
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000496C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs u233hvgTow.exe
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs u233hvgTow.exe
                        Source: u233hvgTow.exe, 00000000.00000000.2240584674.0000000000F06000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs u233hvgTow.exe
                        Source: u233hvgTow.exeBinary or memory string: OriginalFilenameSteanings.exe8 vs u233hvgTow.exe
                        Source: u233hvgTow.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: u233hvgTow.exe, type: SAMPLEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.2.u233hvgTow.exe.4929fec.2.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.2.u233hvgTow.exe.449c397.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.2.u233hvgTow.exe.449c397.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.2.u233hvgTow.exe.4929fec.2.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.2.u233hvgTow.exe.4399490.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.0.u233hvgTow.exe.ec0000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: 0.2.u233hvgTow.exe.4399490.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                        Source: C:\Users\user\Desktop\u233hvgTow.exeFile created: C:\Users\user\AppData\Local\SystemCacheJump to behavior
                        Source: C:\Users\user\Desktop\u233hvgTow.exeMutant created: NULL
                        Source: u233hvgTow.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: u233hvgTow.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\u233hvgTow.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\u233hvgTow.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                        Source: C:\Users\user\Desktop\u233hvgTow.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                        Source: C:\Users\user\Desktop\u233hvgTow.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000036A5000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.0000000003611000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.0000000003690000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.00000000035FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: u233hvgTow.exe | ReversingLabs: Detection: 75%
                        Source: u233hvgTow.exe | Virustotal: Detection: 73%
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | File read: C:\Users\user\Desktop\u233hvgTow.exe
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: mscoree.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: version.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: uxtheme.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: profapi.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: cryptsp.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: rsaenh.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: cryptbase.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: dwrite.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: msvcp140_clr0400.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: mswsock.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: sspicli.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: secur32.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: wbemcomn.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: amsi.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: windowscodecs.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: dpapi.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: rstrtmgr.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: ncrypt.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Section loaded: ntasn1.dll
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                        Source: u233hvgTow.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: u233hvgTow.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: u233hvgTow.exe | Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Code function: 0_2_057BD442 push eax; ret 0_2_057BD451
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Code function: 0_2_06B42F21 push DC06B360h; retf 0_2_06B42F2D
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Process information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Memory allocated: 1770000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Memory allocated: 32E0000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Memory allocated: 3230000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Window / User API: threadDelayed 888
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Window / User API: threadDelayed 1713
                        Source: C:\Users\user\Desktop\u233hvgTow.exe TID: 5676 | Thread sleep time: -10145709240540247s >= -30000s
                        Source: C:\Users\user\Desktop\u233hvgTow.exe TID: 2136 | Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Thread delayed: delay time: 922337203685477
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696487552s
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                        Source: u233hvgTow.exe, 00000000.00000002.2356442894.0000000006750000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.000000000376F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552LR
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696487552s
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                        Source: u233hvgTow.exe, 00000000.00000002.2345163141.00000000039FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                        Source: u233hvgTow.exe, 00000000.00000002.2348097551.000000000452B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Process information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Process token adjusted: Debug
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Memory allocated: page read and write | page guard
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Users\user\Desktop\u233hvgTow.exe VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\u233hvgTow.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                        Stealing of Sensitive Information

Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: u233hvgTow.exe, type: SAMPLE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4929fec.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.449c397.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.449c397.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4929fec.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4399490.1.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.0.u233hvgTow.exe.ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4399490.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000000.00000000.2240557124.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2348097551.0000000004872000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: u233hvgTow.exe PID: 776, type: MEMORYSTR
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: ElectrumE#
Source: u233hvgTow.exe, 00000000.00000002.2357917005.00000000067A8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets\**
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: JaxxE#
Source: u233hvgTow.exe, 00000000.00000002.2362736659.0000000007430000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*.json
Source: u233hvgTow.exe, 00000000.00000002.2357917005.00000000067A8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\wallets\*\*
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: ExodusE#
Source: u233hvgTow.exe, 00000000.00000002.2357917005.00000000067A8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\*app-store*r
Source: u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: EthereumE#
Source: u233hvgTow.exe, 00000000.00000002.2345163141.000000000343E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
Source: u233hvgTow.exe, 00000000.00000002.2345163141.000000000343E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: q8C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\Desktop\u233hvgTow.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: Yara match; File source: 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2345163141.000000000343E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: u233hvgTow.exe PID: 776, type: MEMORYSTR

                        Remote Access Functionality

Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: u233hvgTow.exe, type: SAMPLE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4929fec.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.449c397.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.449c397.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4929fec.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4399490.1.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.0.u233hvgTow.exe.ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.u233hvgTow.exe.4399490.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000000.00000000.2240557124.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2348097551.0000000004872000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: u233hvgTow.exe PID: 776, type: MEMORYSTR
MITRE ATT&CK matrix, listed by tactic (the number in parentheses is the count shown next to the technique in the matrix; techniques without a number carry no count):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation (221); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (241); Obfuscated Files or Information (2); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery (221); Process Discovery (1); Virtualization/Sandbox Evasion (241); Application Window Discovery (1); System Information Discovery (113); Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Archive Collected Data (1); Data from Local System (3); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (1); Non-Standard Port (1); Application Layer Protocol (1); Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label
u233hvgTow.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealz
u233hvgTow.exe | 74% | Virustotal |
u233hvgTow.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Source | Detection | Scanner | Label
212.56.41.77:1912 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
212.56.41.77:1912 | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/chrome_newtab | u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id23ResponseD | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id12Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/ | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id2Response | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id21Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id9 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id8 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id5 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id4 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id7 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id6 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id19Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id15Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id6Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.ip.sb/ip | u233hvgTow.exe | false | | high
http://schemas.xmlsoap.org/ws/2004/04/sc | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id1ResponseD | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id9Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id20 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id21 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id22 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1 | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id23 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1 | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id24 | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id24Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id1Response | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested | u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay | u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp | false |
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegou233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressingu233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trustu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/Entity/Id10u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://tempuri.org/Entity/Id11u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://tempuri.org/Entity/Id12u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://tempuri.org/Entity/Id16Responseu233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://tempuri.org/Entity/Id13u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://tempuri.org/Entity/Id14u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://tempuri.org/Entity/Id15u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://tempuri.org/Entity/Id16u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/Nonceu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://tempuri.org/Entity/Id17u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://tempuri.org/Entity/Id18u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://tempuri.org/Entity/Id5Responseu233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://tempuri.org/Entity/Id19u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsu233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://tempuri.org/Entity/Id10Responseu233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/Renewu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://tempuri.org/Entity/Id8Responseu233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentityu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1u233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=u233hvgTow.exe, 00000000.00000002.2348097551.000000000431B000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://duckduckgo.com/chrome_newtabSu233hvgTow.exe, 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbacku233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://tempuri.org/Entity/Id3ResponseDu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://tempuri.org/Entity/Id23Responseu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, u233hvgTow.exe, 00000000.00000002.2345163141.00000000032E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTu233hvgTow.exe, 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
212.56.41.77 | unknown | United Kingdom | GB | 8897 | KCOM-SPNService-ProviderNetworkex-Mistral | true

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1582805
Start date and time:2024-12-31 15:01:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:u233hvgTow.exe
renamed because original name is a hash value
Original Sample Name:c7c60e246f5025ca90622ca0eca8749452bab43e.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 20
                                                                                                                                                                                                                                • Number of non-executed functions: 20
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.45
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
                                                                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                                09:02:20API Interceptor16x Sleep call for process: u233hvgTow.exe modified
                                                                                                                                                                                                                                No context
Match: s-part-0017.t-0009.t-msedge.net
Associated Sample Name / URL | Detection | Threat Name | Context
zhMQ0hNEmb.exe | malicious | LummaC | 13.107.246.45
2RxMkSAgZ8.exe | malicious | LummaC | 13.107.246.45
bzzF5OFbVi.exe | malicious | LummaC | 13.107.246.45
6684V5n83w.exe | malicious | Vidar | 13.107.246.45
Bp4LoSXw83.lnk | malicious | Unknown | 13.107.246.45
COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe | malicious | FormBook | 13.107.246.45
UmotQ1qjLq.exe | malicious | LummaC | 13.107.246.45
Open Purchase Order Summary Details-16-12-2024.vbs | malicious | LodaRAT, XRed | 13.107.246.45
Open Purchase Order Summary Sheet.vbs | malicious | LodaRAT, XRed | 13.107.246.45
xyxmml.msi | malicious | XRed | 13.107.246.45
Match: KCOM-SPNService-ProviderNetworkex-MistralGB
Associated Sample Name / URL | Detection | Threat Name | Context
Set-up.exe | malicious | LummaC, GO Backdoor, LummaC Stealer | 195.200.31.22
xd.x86.elf | malicious | Mirai | 194.164.201.126
0Ty.png.exe | malicious | Xmrig | 194.164.234.171
https://a41c415c7bccad129d61b50d2032009e.aktive-senioren.biz/de/st/1?#bqcnl4tocgzq65tck3bv | malicious | Unknown | 194.164.200.113
ub8ehJSePAfc9FYqZIT6.arm.elf | malicious | Mirai | 195.26.252.19
ub8ehJSePAfc9FYqZIT6.sh4.elf | malicious | Unknown | 195.26.252.19
ub8ehJSePAfc9FYqZIT6.ppc.elf | malicious | Unknown | 195.26.252.19
ub8ehJSePAfc9FYqZIT6.m68k.elf | malicious | Mirai | 195.26.252.19
ub8ehJSePAfc9FYqZIT6.arm7.elf | malicious | Mirai | 195.26.252.19
ub8ehJSePAfc9FYqZIT6.mips.elf | malicious | Unknown | 195.26.252.19
No context
No context
Process:C:\Users\user\Desktop\u233hvgTow.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3094
Entropy (8bit):5.33145931749415
Encrypted:false
SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:3FD5C0634443FB2EF2796B9636159CB6
SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:true
Reputation:high, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):5.081291392936279
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Win16/32 Executable Delphi generic (2074/23) 0.01%
• Generic Win/DOS Executable (2004/3) 0.01%
File name:u233hvgTow.exe
File size:307'712 bytes
MD5:9848b927987f298730db70a89574fdad
SHA1:c7c60e246f5025ca90622ca0eca8749452bab43e
SHA256:984bfd0f35280b016c3385527d3eec75afe765bb13c67059d1d2aa31673cec04
SHA512:613b646775e89039ac2107e229269228999cdc6cb691251b2e95dab7e8308c105f132a51ed0fd56cc8c756388956cb375f921142e57936bed35f3c2f41a19cda
SSDEEP:3072:acZqf7D34xp/0+mA0kywMlQEg85fB1fA0PuTVAtkxz13RMeqiOL2bBOA:acZqf7DIjnGCQNB1fA0GTV8k70L
TLSH:0A645A5833E8C910DA7F4775D861D67193B0BCA3A552E70B4FC4ACAB3D32740EA50AB6
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................
Icon Hash:4d8ea38d85a38e6d
Entrypoint:0x43028e
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0x3023c         | 0x4f         | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x32000         | 0x1c9c6      | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x50000         | 0xc          | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x2000          | 0x8          | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008          | 0x48         | .text
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name   | Virtual Address | Virtual Size | Raw Size | MD5                              | Xored PE | ZLIB Complexity     | File Type | Entropy             | Characteristics
.text  | 0x2000          | 0x2e294      | 0x2e400  | 027c63b268eca928d0de2254a00d7151 | False    | 0.47478357263513515 | data      | 6.186188701784866   | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  | 0x32000         | 0x1c9c6      | 0x1ca00  | a8cf3f8ff27a4a736ba8fb433d91107f | False    | 0.2380765556768559  | data      | 2.615031395625776   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x50000         | 0xc          | 0x200    | 21472a05bd31cf3b960b3bcc0808216b | False    | 0.044921875         | data      | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name          | RVA     | Size    | Type                                                                                                | Language | Country | ZLIB Complexity
RT_ICON       | 0x32220 | 0x3d04  | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                         |          |         | 0.9934058898847631
RT_ICON       | 0x35f24 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m   |          |         | 0.09013072282030049
RT_ICON       | 0x4674c | 0x4228  | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m    |          |         | 0.13905290505432216
RT_ICON       | 0x4a974 | 0x25a8  | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m      |          |         | 0.17033195020746889
RT_ICON       | 0x4cf1c | 0x10a8  | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m      |          |         | 0.2045028142589118
RT_ICON       | 0x4dfc4 | 0x468   | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m      |          |         | 0.24645390070921985
RT_GROUP_ICON | 0x4e42c | 0x5a    | data                                                                                                |          |         | 0.7666666666666667
RT_VERSION    | 0x4e488 | 0x352   | data                                                                                                |          |         | 0.4447058823529412
RT_MANIFEST   | 0x4e7dc | 0x1ea   | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                   |          |         | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-31T15:02:15.219716+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
2024-12-31T15:02:15.219716+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
2024-12-31T15:02:15.339611+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 212.56.41.77 | 1912 | 192.168.2.6 | 49736 | TCP
2024-12-31T15:02:20.399076+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
2024-12-31T15:02:20.546659+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 212.56.41.77 | 1912 | 192.168.2.6 | 49736 | TCP
2024-12-31T15:02:23.614921+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49736 | 212.56.41.77 | 1912 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.854921103 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.854929924 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.854940891 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.854988098 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855001926 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855003119 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855053902 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855108023 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855117083 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855161905 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855164051 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855173111 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855211020 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855246067 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855254889 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855317116 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855326891 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855356932 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855365992 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855376959 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855418921 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855427980 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855484009 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855492115 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855523109 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855564117 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855623960 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855633020 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855690002 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855700970 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855711937 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855776072 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855791092 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855799913 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855848074 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855856895 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855891943 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855901003 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855943918 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855953932 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.855992079 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856000900 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856125116 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856133938 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856142998 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856151104 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856158972 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856167078 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856183052 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856190920 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856205940 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856215000 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856265068 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856273890 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856339931 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856348991 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856446981 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856456995 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856465101 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856472969 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856487989 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856496096 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856529951 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856539011 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856575966 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856585026 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856698036 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856705904 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856714010 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856723070 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856734037 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.856741905 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861118078 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861128092 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861135960 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861145973 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861162901 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861171007 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861217022 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861226082 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861296892 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861305952 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861339092 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861347914 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861366987 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861375093 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861418962 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861428022 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861464024 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861473083 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861481905 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.861526012 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.862349033 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.862436056 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.862436056 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.862489939 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874114037 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874190092 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874200106 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874233007 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874241114 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874274969 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874284029 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874418974 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874428034 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874444008 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874453068 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874456882 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874464989 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874475956 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874485016 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874548912 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874557972 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874566078 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874573946 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874591112 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874598980 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874649048 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874656916 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874701023 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874710083 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874761105 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874768972 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874804974 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874813080 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874824047 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874831915 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874876976 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874886990 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874958038 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874967098 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874978065 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874988079 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.874998093 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.875051975 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878753901 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878763914 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878802061 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878810883 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878851891 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878861904 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878885984 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878896952 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878951073 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.878997087 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879005909 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879008055 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879015923 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879079103 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879087925 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879096031 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879115105 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879122972 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879200935 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879209995 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879219055 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879229069 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879245996 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879255056 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879275084 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879282951 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879300117 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879340887 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879349947 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879358053 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879390001 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879399061 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879427910 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879436970 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879452944 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879462004 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879486084 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879493952 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879525900 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879535913 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879575014 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879601955 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879610062 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879618883 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879645109 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879662037 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879707098 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879714966 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879795074 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879803896 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879812002 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879821062 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879837990 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879853010 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.879861116 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.883800030 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:22.883811951 CET191249736212.56.41.77192.168.2.6
Timestamp                            Src Port  Dst Port  Source IP      Dest IP
Dec 31, 2024 15:02:22.883826971 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883831024 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883835077 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883888960 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883898020 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883930922 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883939981 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883980989 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.883991003 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884001017 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884021044 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884032011 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884037018 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.884098053 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.884111881 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884120941 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884133101 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884143114 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884151936 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884166956 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884175062 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884198904 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884208918 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884285927 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884295940 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884310961 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884320021 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884371996 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884380102 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884417057 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884426117 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884440899 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884449959 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.884488106 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.930485010 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.930792093 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.930881023 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.930881023 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.930932999 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.935925961 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936013937 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936214924 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936268091 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936466932 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936534882 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936686039 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936705112 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936774015 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936851978 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936897993 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.936944008 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937005997 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937015057 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937062025 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937071085 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937119007 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937128067 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937165976 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937175035 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937246084 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937254906 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937264919 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937273979 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.937289953 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.978511095 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:22.978802919 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.978873968 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.978873968 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:22.978926897 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:23.013603926 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.013878107 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:23.013947010 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:23.013947010 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:23.013987064 CET  49736     1912      192.168.2.6    212.56.41.77
Dec 31, 2024 15:02:23.018789053 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.018845081 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.018894911 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.018940926 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.018985987 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019041061 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019129992 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019176960 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019187927 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019220114 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019305944 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019320011 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019392014 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019402027 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019475937 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019484997 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019495010 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019550085 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019628048 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019637108 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019680977 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019690990 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019754887 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019763947 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019805908 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019845963 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019897938 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019907951 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019947052 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019957066 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.019983053 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020055056 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020064116 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020073891 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020116091 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020124912 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020142078 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020150900 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020173073 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020181894 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020216942 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020226002 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020324945 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020333052 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020342112 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020351887 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020385027 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020394087 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020402908 CET  1912      49736     212.56.41.77   192.168.2.6
Dec 31, 2024 15:02:23.020411968 CET  1912      49736     212.56.41.77   192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020430088 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020438910 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020453930 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020466089 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020493031 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020498037 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020584106 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020592928 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020596981 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020605087 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020610094 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020617962 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020673990 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020684004 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020690918 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020699978 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020730972 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020735979 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020745039 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020752907 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020756960 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020768881 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020777941 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020803928 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020818949 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020833015 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020874977 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020884037 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020942926 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.020994902 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021003962 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021012068 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021059036 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021068096 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021078110 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021085978 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021141052 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021150112 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021158934 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021168947 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021177053 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021184921 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021202087 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021209955 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021316051 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021325111 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021333933 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021342993 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021351099 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021385908 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021397114 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021406889 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021433115 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021441936 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021538973 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021548033 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021557093 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.021564960 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025551081 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025635958 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025645018 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025691986 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025707960 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025785923 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025806904 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025815964 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025850058 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025860071 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025928020 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025938988 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025948048 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.025955915 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026005030 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026016951 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026046038 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026055098 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026077986 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026087046 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026154041 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026164055 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026199102 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026207924 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026237011 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026246071 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026277065 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026307106 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.026315928 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.070455074 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.614029884 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.614921093 CET497361912192.168.2.6212.56.41.77
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.619760990 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.735024929 CET191249736212.56.41.77192.168.2.6
                                                                                                                                                                                                                                Dec 31, 2024 15:02:23.770895958 CET497361912192.168.2.6212.56.41.77
DNS answers

Timestamp: Dec 31, 2024 15:02:09.301074028 CET
Source IP: 1.1.1.1
Dest IP: 192.168.2.6
Trans ID: 0xe2f4
Reply Code: No error (0)
Name: shed.dual-low.s-part-0017.t-0009.t-msedge.net
CName: s-part-0017.t-0009.t-msedge.net
Address:
Type: CNAME (Canonical name)
Class: IN (0x0001)
DNS over HTTPS: false

Timestamp: Dec 31, 2024 15:02:09.301074028 CET
Source IP: 1.1.1.1
Dest IP: 192.168.2.6
Trans ID: 0xe2f4
Reply Code: No error (0)
Name: s-part-0017.t-0009.t-msedge.net
CName:
Address: 13.107.246.45
Type: A (IP address)
Class: IN (0x0001)
DNS over HTTPS: false

Target ID: 0
Start time: 09:02:12
Start date: 31/12/2024
Path: C:\Users\user\Desktop\u233hvgTow.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\u233hvgTow.exe"
Imagebase: 0xec0000
File size: 307'712 bytes
MD5 hash: 9848B927987F298730DB70A89574FDAD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.2240557124.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2345163141.0000000003376000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2348097551.0000000004872000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2348097551.0000000004391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2345163141.000000000343E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 7.5%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 99
Total number of Limit Nodes: 7
                                                                                                                                                                                                                                  execution_graph 40999 16ed01c 41000 16ed034 40999->41000 41001 16ed08e 41000->41001 41004 57b2c08 41000->41004 41013 57b0ad4 41000->41013 41005 57b2c0c 41004->41005 41006 57b2c79 41005->41006 41008 57b2c69 41005->41008 41038 57b0bfc 41006->41038 41022 57b2e6c 41008->41022 41028 57b2da0 41008->41028 41033 57b2d90 41008->41033 41009 57b2c77 41015 57b0adf 41013->41015 41014 57b2c79 41016 57b0bfc CallWindowProcW 41014->41016 41015->41014 41018 57b2c69 41015->41018 41017 57b2c77 41016->41017 41019 57b2e6c CallWindowProcW 41018->41019 41020 57b2da0 CallWindowProcW 41018->41020 41021 57b2d90 CallWindowProcW 41018->41021 41019->41017 41020->41017 41021->41017 41023 57b2e2a 41022->41023 41024 57b2e7a 41022->41024 41042 57b2e58 41023->41042 41046 57b2e48 41023->41046 41025 57b2e40 41025->41009 41030 57b2da1 41028->41030 41029 57b2e40 41029->41009 41031 57b2e58 CallWindowProcW 41030->41031 41032 57b2e48 CallWindowProcW 41030->41032 41031->41029 41032->41029 41035 57b2d94 41033->41035 41034 57b2e40 41034->41009 41036 57b2e58 CallWindowProcW 41035->41036 41037 57b2e48 CallWindowProcW 41035->41037 41036->41034 41037->41034 41039 57b0c01 41038->41039 41040 57b435a CallWindowProcW 41039->41040 41041 57b4309 41039->41041 41040->41041 41041->41009 41043 57b2e59 41042->41043 41044 57b2e69 41043->41044 41050 57b429b 41043->41050 41044->41025 41047 57b2e4c 41046->41047 41048 57b2e69 41047->41048 41049 57b429b CallWindowProcW 41047->41049 41048->41025 41049->41048 41051 57b0bfc CallWindowProcW 41050->41051 41052 57b42aa 41051->41052 41052->41044 41053 6b4dd41 41054 6b4dcdc 41053->41054 41056 6b4dd4a 41053->41056 41059 6b4ede0 41054->41059 41063 6b4edd1 41054->41063 41055 6b4dcfd 41061 6b4ee28 41059->41061 41060 6b4ee31 41060->41055 41061->41060 41067 6b4eb1c 
41061->41067 41064 6b4ee28 41063->41064 41065 6b4ee31 41064->41065 41066 6b4eb1c LoadLibraryW 41064->41066 41065->41055 41066->41065 41069 6b4ef28 LoadLibraryW 41067->41069 41070 6b4ef9d 41069->41070 41070->41060 40967 17ead38 40968 17ead39 40967->40968 40972 17eae30 40968->40972 40977 17eae20 40968->40977 40969 17ead47 40975 17eae31 40972->40975 40973 17eae64 40973->40969 40974 17eb068 GetModuleHandleW 40976 17eb095 40974->40976 40975->40973 40975->40974 40976->40969 40980 17eae24 40977->40980 40978 17eae64 40978->40969 40979 17eb068 GetModuleHandleW 40981 17eb095 40979->40981 40980->40978 40980->40979 40981->40969 40982 17ed0b8 40983 17ed0bd 40982->40983 40987 17ed298 40983->40987 40991 17ed289 40983->40991 40984 17ed1eb 40988 17ed29d 40987->40988 40995 17ec9a0 40988->40995 40992 17ed298 40991->40992 40993 17ec9a0 DuplicateHandle 40992->40993 40994 17ed2c6 40993->40994 40994->40984 40996 17ed300 DuplicateHandle 40995->40996 40998 17ed2c6 40996->40998 40998->40984 41071 17e4668 41072 17e4669 41071->41072 41073 17e4696 41072->41073 41075 17e47a0 41072->41075 41076 17e47a4 41075->41076 41080 17e48b0 41076->41080 41084 17e48a1 41076->41084 41082 17e48b1 41080->41082 41081 17e49b4 41081->41081 41082->41081 41088 17e4248 41082->41088 41086 17e48a4 41084->41086 41085 17e49b4 41086->41085 41087 17e4248 CreateActCtxA 41086->41087 41087->41085 41089 17e5940 CreateActCtxA 41088->41089 41091 17e5a03 41089->41091
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 50bc4347356960dd85851b4a4f5446d737f0c40f5651805a70ea810b1d890091
                                                                                                                                                                                                                                  • Instruction ID: 974b526226650f5592b1972ad48d72fdb71f3ac3ddd7abea2ddc7f285f388028
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50bc4347356960dd85851b4a4f5446d737f0c40f5651805a70ea810b1d890091
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77929170B002159FEB15ABB8986877E7BE3BFC8640F248429E906DB385DE74DC06DB51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 133491164a739291690f9c8034bbca07c90353626394665cc6e235eece6b7357
                                                                                                                                                                                                                                  • Instruction ID: 6a6e98afba6ca4b5b86af5f5a27d515743b2bd1b78239779e453de50dfda4643
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 133491164a739291690f9c8034bbca07c90353626394665cc6e235eece6b7357
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2182D1B4A01256CFEB68DF68D849B697BB5FF48704F1151E9C8099B362EB389C84DF40

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                  control_flow_graph 1243 6b4b0f8-6b4b139 1245 6b4b145-6b4b149 1243->1245 1246 6b4b13b-6b4b143 1243->1246 1247 6b4b14e-6b4b153 1245->1247 1246->1247 1248 6b4b155-6b4b15a 1247->1248 1249 6b4b15c-6b4b165 1247->1249 1250 6b4b168-6b4b16a 1248->1250 1249->1250 1251 6b4b4d6-6b4b500 1250->1251 1252 6b4b170-6b4b189 call 6b4af70 1250->1252 1276 6b4b507-6b4b547 1251->1276 1256 6b4b1d7-6b4b1de 1252->1256 1257 6b4b18b-6b4b19b 1252->1257 1261 6b4b1e0 1256->1261 1262 6b4b1e3-6b4b1f3 1256->1262 1258 6b4b1a1-6b4b1b9 1257->1258 1259 6b4b46e-6b4b48b 1257->1259 1263 6b4b494-6b4b49d 1258->1263 1264 6b4b1bf-6b4b1c6 1258->1264 1259->1263 1261->1262 1265 6b4b1f5-6b4b201 1262->1265 1266 6b4b203-6b4b220 1262->1266 1267 6b4b4a5-6b4b4cf 1263->1267 1264->1267 1268 6b4b1cc-6b4b1d6 1264->1268 1270 6b4b224-6b4b230 1265->1270 1266->1270 1267->1251 1271 6b4b236 1270->1271 1272 6b4b232-6b4b234 1270->1272 1275 6b4b239-6b4b23b 1271->1275 1272->1275 1275->1276 1277 6b4b241-6b4b256 1275->1277 1309 6b4b54e-6b4b58e 1276->1309 1278 6b4b266-6b4b283 1277->1278 1279 6b4b258-6b4b264 1277->1279 1281 6b4b287-6b4b293 1278->1281 1279->1281 1283 6b4b295-6b4b29a 1281->1283 1284 6b4b29c-6b4b2a5 1281->1284 1287 6b4b2a8-6b4b2aa 1283->1287 1284->1287 1289 6b4b2b0-6b4b2b2 call 6b4b5f0 1287->1289 1290 6b4b332-6b4b336 1287->1290 1294 6b4b2b8-6b4b2d8 call 6b4af70 1289->1294 1292 6b4b338-6b4b356 1290->1292 1293 6b4b36a-6b4b382 call 6b4ae38 1290->1293 1292->1293 1306 6b4b358-6b4b365 call 6b4af70 1292->1306 1308 6b4b387-6b4b3b1 call 6b4af70 1293->1308 1302 6b4b2e8-6b4b305 1294->1302 1303 6b4b2da-6b4b2e6 1294->1303 1307 6b4b309-6b4b315 1302->1307 1303->1307 1306->1257 1311 6b4b317-6b4b31c 1307->1311 1312 6b4b31e-6b4b327 1307->1312 1320 6b4b3c1-6b4b3de 1308->1320 1321 6b4b3b3-6b4b3bf 1308->1321 1335 
6b4b595-6b4b5ee 1309->1335 1313 6b4b32a-6b4b32c 1311->1313 1312->1313 1313->1290 1313->1309 1322 6b4b3e2-6b4b3ee 1320->1322 1321->1322 1324 6b4b3f4 1322->1324 1325 6b4b3f0-6b4b3f2 1322->1325 1327 6b4b3f7-6b4b3f9 1324->1327 1325->1327 1327->1257 1328 6b4b3ff-6b4b40f 1327->1328 1330 6b4b411-6b4b41d 1328->1330 1331 6b4b41f-6b4b43c 1328->1331 1332 6b4b440-6b4b44c 1330->1332 1331->1332 1333 6b4b455-6b4b45e 1332->1333 1334 6b4b44e-6b4b453 1332->1334 1336 6b4b461-6b4b463 1333->1336 1334->1336 1336->1335 1337 6b4b469 1336->1337 1337->1252
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 10d0adfd77db3d657a63aca5da91cbd7431d0f0ce3e3c068bab6f176a5927a4c
                                                                                                                                                                                                                                  • Instruction ID: 3dcd1ae647de90ec56121462047b297d7d8b853b9d1d49b55373c43a7c47a82c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10d0adfd77db3d657a63aca5da91cbd7431d0f0ce3e3c068bab6f176a5927a4c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6F1E071E10256CFCB69DF75C4502ADFBB2FF85300F2486A9D506AB241EB38DA85DB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ddf419022b8e7ba43c346b9fab3028eb44d595aa99a60120c6c413ca9ab0d025
                                                                                                                                                                                                                                  • Instruction ID: f3be3e3bc7e0b8aab2ce4f6c6b148241104c94196b158226c4cce0e552db7e32
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddf419022b8e7ba43c346b9fab3028eb44d595aa99a60120c6c413ca9ab0d025
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBD1D574910218CFDB14DFB4D858A9DBBB2FF8A301F5085A9E81AA7254DF316985CF11
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d2dfe7482464f1c807aff0ea4b224427e17155aef0190636d8bab5210b5c5795
                                                                                                                                                                                                                                  • Instruction ID: 8ed027d6bf22858ad8af29e76ab06bcdb5b7499f1d760b57ca792fc9bde9b3f1
• Opcode Fuzzy Hash: d2dfe7482464f1c807aff0ea4b224427e17155aef0190636d8bab5210b5c5795
• Instruction Fuzzy Hash: 4ED1C574E10218CFDB14EFB4D858A9DBBB2FF8A301F5085A9E81AA7254DF316985CF11
Memory Dump Source
• Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ed14d6edf022c9cb5bf1427c3f8b2d5aab186404f15c0cb51be5b5d7db96444b
• Instruction ID: 21287efb5f677c6252b1d0f6901a916811513961fd3ca0b77c2a18e709931384
• Opcode Fuzzy Hash: ed14d6edf022c9cb5bf1427c3f8b2d5aab186404f15c0cb51be5b5d7db96444b
• Instruction Fuzzy Hash: 7C717B34A0034A8FDB05DFB4C899ADEBBF6BF89300F194166D005AB261EBB0AD45DB50

Control-flow Graph
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 017EB086
Memory Dump Source
• Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 5b49471817c64125e935902e9105a0298378f622b12241a9b152fbe3f5cb0a01
• Instruction ID: 99e8ed2fe24405a6476db8f64cb96720014888d946155a034598cc0c2c24a820
• Opcode Fuzzy Hash: 5b49471817c64125e935902e9105a0298378f622b12241a9b152fbe3f5cb0a01
• Instruction Fuzzy Hash: 578146B0A00B068FDB24DF29D44975AFBF1FF88204F00892DD196DBA51D775E84ACB91

Control-flow Graph
APIs
• CreateActCtxA.KERNEL32(?), ref: 017E59F1
Memory Dump Source
• Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 95a841eb99017c5f7f69ce7d975d5d0566cb3988a3d77c4d3d45d198ca0eccc6
• Instruction ID: aeed1095203d74cbd94ec39e371bae40c656802ac2280dcd4edb2ca6796455b1
• Opcode Fuzzy Hash: 95a841eb99017c5f7f69ce7d975d5d0566cb3988a3d77c4d3d45d198ca0eccc6
• Instruction Fuzzy Hash: CA41DFB4C0071DCADB24CFA9C888B9DBBF5BF89314F20816AD508AB251DB756945CF90

Control-flow Graph
APIs
• CallWindowProcW.USER32(?,?,?,?,?), ref: 057B4381
Memory Dump Source
• Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
Similarity
• API ID: CallProcWindow
• String ID:
• API String ID: 2714655100-0
• Opcode ID: a5b4a9cf1045f2a4cf28f38640af3c0823349114684c0f69472a6f8e0e36b735
• Instruction ID: 505f0c02bea8e52cd1467aa19f312760f73d578630328420cfa9a28b0d1f29a9
• Opcode Fuzzy Hash: a5b4a9cf1045f2a4cf28f38640af3c0823349114684c0f69472a6f8e0e36b735
• Instruction Fuzzy Hash: 4A412AB4904305CFDB14CF99C488BAEBBF6FF88314F248559D519AB322D775A841DBA0

Control-flow Graph
APIs
• CreateActCtxA.KERNEL32(?), ref: 017E59F1
Memory Dump Source
• Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 96792a2cc612acd8cadababc81a25f17368322d28cca4c4d23c16f483df8c047
• Instruction ID: e73a13cdc38f5ef2ee0f6643eb00e6d022ebcbb79222a1fe82ddee7b3cd8580a
• Opcode Fuzzy Hash: 96792a2cc612acd8cadababc81a25f17368322d28cca4c4d23c16f483df8c047
• Instruction Fuzzy Hash: 5841DFB0C0071DCADB24CFA9C888B9DBBF5BF49314F20806AD508AB251DB756945CF90

Control-flow Graph
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,017ED2C6,?,?,?,?,?), ref: 017ED387
Memory Dump Source
• Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 9ad7bb72c46168b90446bf2806d23c172b1e43d6f66be48c60f9c1cb6b880e16
• Instruction ID: b3f0c284e577ad83e84919d60e8509507c7d36ce3116f69c161b7f1b8fc22600
• Opcode Fuzzy Hash: 9ad7bb72c46168b90446bf2806d23c172b1e43d6f66be48c60f9c1cb6b880e16
• Instruction Fuzzy Hash: 3C21E4B5900209DFDB10CF9AD985ADEFBF5EB48320F14841AE918A7351D374A950CFA4

Control-flow Graph
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,017ED2C6,?,?,?,?,?), ref: 017ED387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0

Control-flow Graph

• Block 136: 6b4eb1c-6b4ef68 -> 138, 139
• Block 138: 6b4ef70-6b4ef9b (calls LoadLibraryW) -> 140, 141
• Block 139: 6b4ef6a-6b4ef6d -> 138
• Block 140: 6b4efa4-6b4efc1
• Block 141: 6b4ef9d-6b4efa3 -> 140
APIs
• LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06B4EE86), ref: 06B4EF8E
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID: LibraryLoad
• API String ID: 1029625771-0

Control-flow Graph

• Block 144: 6b4ef27-6b4ef68 -> 146, 147
• Block 146: 6b4ef70-6b4ef9b (calls LoadLibraryW) -> 148, 149
• Block 147: 6b4ef6a-6b4ef6d -> 146
• Block 148: 6b4efa4-6b4efc1
• Block 149: 6b4ef9d-6b4efa3 -> 148
APIs
• LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06B4EE86), ref: 06B4EF8E
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID: LibraryLoad
• API String ID: 1029625771-0

Control-flow Graph

• Block 152: 17eb020-17eb060 -> 156, 157
• Block 156: 17eb068-17eb093 (calls GetModuleHandleW) -> 158, 159
• Block 157: 17eb062-17eb065 -> 156
• Block 158: 17eb09c-17eb0b0
• Block 159: 17eb095-17eb09b -> 158
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 017EB086
Memory Dump Source
• Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
Similarity
• API ID: HandleModule
• API String ID: 4139908857-0
Memory Dump Source
• Source File: 00000000.00000002.2344172575.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16dd000_u233hvgTow.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2344217753.00000000016ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 016ED000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16ed000_u233hvgTow.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2344217753.00000000016ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 016ED000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16ed000_u233hvgTow.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2344172575.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16dd000_u233hvgTow.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2344172575.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16dd000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: .$1
                                                                                                                                                                                                                                  • API String ID: 0-1839485796
                                                                                                                                                                                                                                  • Opcode ID: 963a8e7320ab39b0714120ab1165f0913b1637b19224902cb903eb8713966dfe
                                                                                                                                                                                                                                  • Instruction ID: 4b5c6d1a7f8f7a31c7523c25ca3d8f658208953fca1cedb88343640cf642beb0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 963a8e7320ab39b0714120ab1165f0913b1637b19224902cb903eb8713966dfe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF1CE74E02228CFDB68DF65D894B9DBBB2FF89301F5081E9D509AB290DB355A81CF50
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 3$
                                                                                                                                                                                                                                  • API String ID: 0-744035709
                                                                                                                                                                                                                                  • Opcode ID: b8e6d07832f9f8b842a09c0f785e3a3695eadc34a74646baf56cb492e590abb4
                                                                                                                                                                                                                                  • Instruction ID: af330be03226e371f5d49bbcdbd776f1501962209db86e9a5ff072f5f3da7ce9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8e6d07832f9f8b842a09c0f785e3a3695eadc34a74646baf56cb492e590abb4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96C28FB4E122298FDB64DF24D998B9DB7B6FB49301F5081E9D809A7350DB34AE81CF44
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: SG
                                                                                                                                                                                                                                  • API String ID: 0-2636074552
                                                                                                                                                                                                                                  • Opcode ID: f263bd5f797ab17f7fa86a24826c35d150bff988ac09fd0418e89cc4da893049
                                                                                                                                                                                                                                  • Instruction ID: b6a998f42af52b89661d02008a73776cca7fdba9637756c41eaefc2c1d6cedb1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f263bd5f797ab17f7fa86a24826c35d150bff988ac09fd0418e89cc4da893049
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F91F7B0E01219CFDB64DFA8D944B9DBBB2FF4A300F1081A9D449AB351EB305A85CF50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4f90f23dee489885a712fbf353bf9b4ee314bdd1bd13ae35fa449fb79c437c5d
                                                                                                                                                                                                                                  • Instruction ID: 3baa1aa8b3b8a94ed168a579b308560e259ce7b76667197556e9c8be2f0c06df
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f90f23dee489885a712fbf353bf9b4ee314bdd1bd13ae35fa449fb79c437c5d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E229FB5E01629CFDBA4DF65C850BD9B7B2BF89300F1091EAD549AB250EB316E81CF50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 43ea439f1fcbf0012cff81224a329c29995d88b68e13e79c643e75d16b67ef94
                                                                                                                                                                                                                                  • Instruction ID: 06bc32002ccee7fe605b5b20a69a933d4fbc06e4c1929448abbcf1d60cb90562
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43ea439f1fcbf0012cff81224a329c29995d88b68e13e79c643e75d16b67ef94
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C226CB4E01228CFDBA4DF65C990B9DBBB2BB49300F1091EAD549AB350DB319E85CF51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2335eb8dbb2f5b8feec90b8de44b4a21d9fe8f976fa290ae8d3c791b17daf023
                                                                                                                                                                                                                                  • Instruction ID: 0ae7b93c57b22a88436d40083ba5b75867a778662f36258efb48da3458877ed6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2335eb8dbb2f5b8feec90b8de44b4a21d9fe8f976fa290ae8d3c791b17daf023
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE02AD74A01229CFDBA4DF64C894B9EB7B2BF89300F1091E9D509A7350DB31AE85CF51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0ceeee7cc359aa543181c6bdca5773dc0d41c96432b5675d1af73dde512777fa
                                                                                                                                                                                                                                  • Instruction ID: 0a2d3584e7d2f3a524a7722394cff5cbb92f084c011232dc5cd807cae6bd2c5a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ceeee7cc359aa543181c6bdca5773dc0d41c96432b5675d1af73dde512777fa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 811282F24017458AE330CF65E94C1897BB9FBC6328B904329D2656F6E9DBB8164BCF44
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c6d72f02f2ed446458c032e74f472605bd8a5cda19f2e9dd74db35d0f47132dc
                                                                                                                                                                                                                                  • Instruction ID: 1473de7a6c8d954b59542dbf327c8552db437d7a744791d114894775888e10c2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6d72f02f2ed446458c032e74f472605bd8a5cda19f2e9dd74db35d0f47132dc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4D17FB4E01228CFDB64DFA5C984B9DBBF2FF89301F1091A9D409AB255DB309985CF50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a70dbead5ca8f918ca87d4183ae49f2a14238947b1ffe67433317b8c719de041
• Instruction ID: e0810a1ff6e49056f6f86f644a76c40308a17cfc4cc830b3c9d07934f6239841
• Opcode Fuzzy Hash: a70dbead5ca8f918ca87d4183ae49f2a14238947b1ffe67433317b8c719de041
• Instruction Fuzzy Hash: 58D10931D1075A8ADB11EB64D894A9DF7B1FFA5300F10CB9AD50A3B250EB70AAC5CF51
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 36b4bf7dc38f3cc961871025e4d13f30f542887b797b15c9cabd82bc2e871992
• Instruction ID: 14fd90e01a750532cf7b8438f04f63eb0f3cb49d2e246852e87f2b0384eeb3ba
• Opcode Fuzzy Hash: 36b4bf7dc38f3cc961871025e4d13f30f542887b797b15c9cabd82bc2e871992
• Instruction Fuzzy Hash: 51C1D6B4D012298FEB68DF65C850BDEB7B2BF89300F1091EAC449BB254DB719A85DF50
Memory Dump Source
• Source File: 00000000.00000002.2344519960.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_17e0000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bf5a8e8b96d90e5ab81122d7ebf47c7e3d73ea1320663111d48736458931a7bb
• Instruction ID: 825faaf62c7da87e678e394a20c44cbc351835411ec6a09d2a79c9497409d535
• Opcode Fuzzy Hash: bf5a8e8b96d90e5ab81122d7ebf47c7e3d73ea1320663111d48736458931a7bb
• Instruction Fuzzy Hash: 76A16C32A002168FCF15DFB8C8485DEFBF2FF89300B15856AE905AB265DB75E955CB80
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8e5832f176bbc16c9b44313ba76a356025902bf13505464006744890e03ea31c
• Instruction ID: 31e57454fbe17ea246bb0168ac3a71b1c681311d30495e138f0239e812afb640
• Opcode Fuzzy Hash: 8e5832f176bbc16c9b44313ba76a356025902bf13505464006744890e03ea31c
• Instruction Fuzzy Hash: 1AD1E831D1075A8ADB10EB64D994A9DF7B1FFA5300F10CB9AE50A37250EB70AAC5CF51
Memory Dump Source
• Source File: 00000000.00000002.2350451279.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57b0000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a039187ebf14539024f26b55a5975df6e268fa1dbdc1a28c0908189f577fb563
• Instruction ID: 6a58714ae4f64562599784eb8f1fd82c8de7a8e94f896ffbf64a61ae41364777
• Opcode Fuzzy Hash: a039187ebf14539024f26b55a5975df6e268fa1dbdc1a28c0908189f577fb563
• Instruction Fuzzy Hash: BED108B28017458FD720CF65E8481897BB9FBC6324B954329D1616F2E9DBB8164BCF44
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ec3f66f1561ad39d1a5abfa289748da74e70c7bab890e2b69c759d8ae1736ed6
• Instruction ID: c4fe6aa193e82c0edf8d35d673424bfc6010ddd87fc4260d62459cce9017dd4b
• Opcode Fuzzy Hash: ec3f66f1561ad39d1a5abfa289748da74e70c7bab890e2b69c759d8ae1736ed6
• Instruction Fuzzy Hash: 80B18174E01229CFDB64DF69C894B9DBBB2BF89300F1085AAD409AB355DB319E85CF50
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c7c175f40e9512d9d02808e0d5c3249ee97bc646116e0ff582bb110d8c2e522
• Instruction ID: 97dd26d3b898cab652f08a1b52836a1ebf2254fb663e1df0e8495c7a6250e7b6
• Opcode Fuzzy Hash: 0c7c175f40e9512d9d02808e0d5c3249ee97bc646116e0ff582bb110d8c2e522
• Instruction Fuzzy Hash: 0EA1C2B4E01229CFDB64DFA5C894BAEBBB2FF89300F1090A9D409AB355DB315985CF51
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1c9d3e2e1923fdfbe744fe112f279afc8c87b69ed8b41741e8a14d791affa975
• Instruction ID: e2b00ddae9df638780f7b77756daa7fa21f2ca5ae838b699924d463f76ee7f55
• Opcode Fuzzy Hash: 1c9d3e2e1923fdfbe744fe112f279afc8c87b69ed8b41741e8a14d791affa975
• Instruction Fuzzy Hash: 7F91B574E01218CFDB58DFA5D488A9DBBF2FF89305F209569E409AB354DB359982DF00
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: db0b438bcc9149a8700ad269e166cd50760352f75bc5a9bf3579b931f119deda
• Instruction ID: 32679065a4b3f8b41c08030004c3836c6a04f56fbedb20d97c8bd51335ff00f0
• Opcode Fuzzy Hash: db0b438bcc9149a8700ad269e166cd50760352f75bc5a9bf3579b931f119deda
• Instruction Fuzzy Hash: 7591C870E012198FEB68DF65C954BDEBBB2BF89300F10D1EAC549AB254DB354A85CF50
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1e85af31b0031bfffc8788548098bf145a973152eca681026003cb5c5d15532b
• Instruction ID: 86d30cb739678f22703d38a68ab794c94dae86c02049b58fa2a2a7cd086d8d6b
• Opcode Fuzzy Hash: 1e85af31b0031bfffc8788548098bf145a973152eca681026003cb5c5d15532b
• Instruction Fuzzy Hash: 984127B1E016199BEB68DFA6C80479EFBF7AF85300F14D1A9C808AB355DB700946DF90
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4c5e0176952fa3a6db2f9be8e67e77d0b08d250b79e0071bf875ee704c084763
• Instruction ID: 6306909df6088cc3acf341f8beeb1bb5ef8ae843cdfac872f24cc607932dc0f3
• Opcode Fuzzy Hash: 4c5e0176952fa3a6db2f9be8e67e77d0b08d250b79e0071bf875ee704c084763
• Instruction Fuzzy Hash: 1F41E675E022299FDB68DF2ADC4879DBBB2EB89301F1091E9D40DA7215DB305E85CF44
Memory Dump Source
• Source File: 00000000.00000002.2360590636.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b40000_u233hvgTow.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c98afa57ace77512af5f3b4a262ea311d29cb467d9e8564990cafa2f6efede84
                                                                                                                                                                                                                                  • Instruction ID: cbfa11febb310674517e7f0ceaf4b4a5d1fb81aa8b4253701d2ae8ed3fadb458
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c98afa57ace77512af5f3b4a262ea311d29cb467d9e8564990cafa2f6efede84
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D3192B5E016588BEB58DFAAD8406DEFBF7AFC9300F14D12AC518AB254EB305806CF54