
Windows Analysis Report
uFVtW2gkkN.exe

Overview

General Information

Sample name: uFVtW2gkkN.exe (renamed because original name is a hash value)
Original sample name: 0c8cf3050320256cbdcc32691f38181ec71a700e.exe
Analysis ID: 1582811
MD5: ae16de1c6c9e15f640b4d4b04310c4be
SHA1: 0c8cf3050320256cbdcc32691f38181ec71a700e
SHA256: 3e1fd18a294c1e2903cce49b29b42fe5669043c6f4a7f2b4bae865b7cbc0169e
Tags: exe, user-NDA0E

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • uFVtW2gkkN.exe (PID: 7396 cmdline: "C:\Users\user\Desktop\uFVtW2gkkN.exe" MD5: AE16DE1C6C9E15F640B4D4B04310C4BE)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["185.81.68.147:1912"], "Bot Id": "FJCX", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author
uFVtW2gkkN.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
uFVtW2gkkN.exe | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io
Matched strings:
  • 0x24cc3:$gen01: ChromeGetRoamingName
  • 0x24ce8:$gen02: ChromeGetLocalName
  • 0x24d2b:$gen03: get_UserDomainName
  • 0x28bc4:$gen04: get_encrypted_key
  • 0x27943:$gen05: browserPaths
  • 0x27c19:$gen06: GetBrowsers
  • 0x27501:$gen07: get_InstalledInputLanguages
  • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
  • 0x3018:$spe1: [A-Za-z\d]{24}\.[\w-]{6}\.[\w-]{27}
  • 0x29006:$spe7: Opera GX Stable
  • 0x290a4:$spe8: AppData\Roaming\
  • 0x296f2:$spe9: *wallet*
  • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
  • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
  • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
  • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
  • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
  • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
  • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
  • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13

Source | Rule | Description | Author
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author
00000000.00000000.1683183240.00000000001A2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Process Memory Space: uFVtW2gkkN.exe PID: 7396 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: uFVtW2gkkN.exe PID: 7396 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author
0.0.uFVtW2gkkN.exe.1a0000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.0.uFVtW2gkkN.exe.1a0000.0.unpack | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io
Matched strings:
  • 0x24cc3:$gen01: ChromeGetRoamingName
  • 0x24ce8:$gen02: ChromeGetLocalName
  • 0x24d2b:$gen03: get_UserDomainName
  • 0x28bc4:$gen04: get_encrypted_key
  • 0x27943:$gen05: browserPaths
  • 0x27c19:$gen06: GetBrowsers
  • 0x27501:$gen07: get_InstalledInputLanguages
  • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
  • 0x3018:$spe1: [A-Za-z\d]{24}\.[\w-]{6}\.[\w-]{27}
  • 0x29006:$spe7: Opera GX Stable
  • 0x290a4:$spe8: AppData\Roaming\
  • 0x296f2:$spe9: *wallet*
  • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
  • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
  • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
  • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
  • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
  • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
  • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
  • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T15:04:23.074928+0100 | 2043234 | 1 | A Network Trojan was detected | 185.81.68.147 | 1912 | 192.168.2.4 | 49730 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T15:04:22.839306+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:28.374638+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.131904+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.488711+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.717720+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.943598+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:30.234409+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:30.239422+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:31.317347+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:31.538913+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:31.955774+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:32.262007+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:32.485963+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:33.253623+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:33.517140+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:33.870322+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.117321+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.432249+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.654092+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.877445+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.124264+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.342912+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.562204+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.830981+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T15:04:29.136762+0100 | 2046056 | 1 | A Network Trojan was detected | 185.81.68.147 | 1912 | 192.168.2.4 | 49730 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T15:04:22.839306+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP


                AV Detection

Source: uFVtW2gkkN.exe | Malware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "FJCX", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: uFVtW2gkkN.exe | Virustotal: Detection: 72%
Source: uFVtW2gkkN.exe | ReversingLabs: Detection: 78%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: uFVtW2gkkN.exe | Joe Sandbox ML: detected
Source: uFVtW2gkkN.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uFVtW2gkkN.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdbX | source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.0000000000881000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.ServiceModel.pdb> | source: uFVtW2gkkN.exe, 00000000.00000002.1840317069.00000000067C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.ServiceModel.pdb | source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.00000000008EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb | source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.0000000000881000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\uFVtW2gkkN.exe | Code function: 4x nop then jmp 051E6CEFh | 0_2_051E6590
Source: C:\Users\user\Desktop\uFVtW2gkkN.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 0_2_051E7110
Source: C:\Users\user\Desktop\uFVtW2gkkN.exe | Code function: 4x nop then jmp 051EA3A0h | 0_2_051E9EA8
Source: C:\Users\user\Desktop\uFVtW2gkkN.exe | Code function: 4x nop then jmp 051E7B44h | 0_2_051E7880

                Networking

Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.4:49730 -> 185.81.68.147:1912
Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49730 -> 185.81.68.147:1912
Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.4:49730
Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.4:49730
Source: Malware configuration extractor | URLs: 185.81.68.147:1912
Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 185.81.68.147:1912
Source: Joe Sandbox View | IP Address: 185.81.68.147
Source: Joe Sandbox View | ASN Name: KLNOPT-ASFI
Source: unknown | TCP traffic detected without corresponding DNS query: 185.81.68.147 (50 identical entries in the report)
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: uFVtW2gkkN.exe, 00000000.00000002.1830369212.000000000069E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://purl.oen
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.datacontract.org
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModelD
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModeld
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:hardwares.
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.00000000027BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002746000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.000000000274E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: uFVtW2gkkN.exeString found in binary or memory: https://api.ip.sb/ip
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000369A000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.000000000367F000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037EF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1833894503.00000000037D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                System Summary

                Source: uFVtW2gkkN.exe, type: SAMPLEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                Source: 0.0.uFVtW2gkkN.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_00ACDC740_2_00ACDC74
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E65900_2_051E6590
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E87180_2_051E8718
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E71100_2_051E7110
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E7C980_2_051E7C98
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051EBCB80_2_051EBCB8
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051ECE080_2_051ECE08
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E9EA80_2_051E9EA8
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E71000_2_051E7100
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E2D2F0_2_051E2D2F
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E2D590_2_051E2D59
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E2D680_2_051E2D68
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E48A00_2_051E48A0
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_051E5BC00_2_051E5BC0
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exeCode function: 0_2_071307780_2_07130778
                Source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.000000000084E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefirefox.exe0 vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $dq,\\StringFileInfo\\000004B0\\OriginalFilename vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamechrome.exe< vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $dq,\\StringFileInfo\\040904B0\\OriginalFilename vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIEXPLORE.EXED vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $dq,\\StringFileInfo\\080904B0\\OriginalFilename vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002757000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsedge.exe> vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe, 00000000.00000000.1683224204.00000000001E6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSteanings.exe8 vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe Binary or memory string: OriginalFilenameSteanings.exe8 vs uFVtW2gkkN.exe
                Source: uFVtW2gkkN.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: uFVtW2gkkN.exe, type: SAMPLE Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                Source: 0.0.uFVtW2gkkN.exe.1a0000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File created: C:\Users\user\AppData\Local\SystemCache
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Mutant created: NULL
                Source: uFVtW2gkkN.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: uFVtW2gkkN.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002B3E000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002B55000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: uFVtW2gkkN.exe Virustotal: Detection: 72%
                Source: uFVtW2gkkN.exe ReversingLabs: Detection: 78%
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: msvcp140_clr0400.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: secur32.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: rstrtmgr.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                Source: uFVtW2gkkN.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: uFVtW2gkkN.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdbX source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.0000000000881000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.ServiceModel.pdb> source: uFVtW2gkkN.exe, 00000000.00000002.1840317069.00000000067C0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.ServiceModel.pdb source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.00000000008EF000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.0000000000881000.00000004.00000020.00020000.00000000.sdmp
                Source: uFVtW2gkkN.exe Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Code function: 0_2_051E5720 push es; ret 0_2_051E5750
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Code function: 0_2_051E5670 push es; ret 0_2_051E5750
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Code function: 0_2_051E8031 push D005DB0Ah; retf 0_2_051E803D
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Code function: 0_2_051E3AD7 push ebx; retf 0_2_051E3ADA
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Memory allocated: 820000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Memory allocated: 2580000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Memory allocated: 4580000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Window / User API: threadDelayed 991
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Window / User API: threadDelayed 3665
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe TID: 7544 Thread sleep time: -11068046444225724s >= -30000s
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe TID: 7416 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Thread delayed: delay time: 922337203685477
                Source: uFVtW2gkkN.exe, 00000000.00000002.1830769693.000000000092C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Code function: 0_2_051E8718 LdrInitializeThunk
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Memory allocated: page read and write | page guard
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Users\user\Desktop\uFVtW2gkkN.exe VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                Stealing of Sensitive Information

                Source: Yara match, file source: dump.pcap, type: PCAP
                Source: Yara match, file source: uFVtW2gkkN.exe, type: SAMPLE
                Source: Yara match, file source: 0.0.uFVtW2gkkN.exe.1a0000.0.unpack, type: UNPACKEDPE
                Source: Yara match, file source: 00000000.00000000.1683183240.00000000001A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match, file source: Process Memory Space: uFVtW2gkkN.exe PID: 7396, type: MEMORYSTR
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
                Source: C:\Users\user\Desktop\uFVtW2gkkN.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                Source: Yara match, file source: Process Memory Space: uFVtW2gkkN.exe PID: 7396, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, file source: dump.pcap, type: PCAP
                Source: Yara match, file source: uFVtW2gkkN.exe, type: SAMPLE
                Source: Yara match, file source: 0.0.uFVtW2gkkN.exe.1a0000.0.unpack, type: UNPACKEDPE
                Source: Yara match, file source: 00000000.00000000.1683183240.00000000001A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match, file source: Process Memory Space: uFVtW2gkkN.exe PID: 7396, type: MEMORYSTR

                Mitre Att&ck Matrix

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label
uFVtW2gkkN.exe | 72% | Virustotal |
uFVtW2gkkN.exe | 78% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealz
uFVtW2gkkN.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Source | Detection | Scanner | Label
http://schemas.datacontract.org/2004/07/System.ServiceModeld | 0% | Avira URL Cloud | safe
http://schemas.datacontract.org/2004/07/System.ServiceModel | 0% | Avira URL Cloud | safe
                No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
185.81.68.147:1912 | false | | high
                                                                                                                                                                                            high
                                                                                                                                                                                            http://tempuri.org/Entity/Id18uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://tempuri.org/Entity/Id5ResponseuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://tempuri.org/Entity/Id19uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://tempuri.org/Entity/Id15ResponseDuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://tempuri.org/Entity/Id10ResponseuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RenewuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://tempuri.org/Entity/Id11ResponseDuFVtW2gkkN.exe, 00000000.00000002.1831584041.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://tempuri.org/Entity/Id8ResponseuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0uFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDuFVtW2gkkN.exe, 00000000.00000002.1831584041.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 185.81.68.147 | unknown | Finland | 50108 | KLNOPT-ASFI | true |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582811
Start date and time: 2024-12-31 15:03:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: uFVtW2gkkN.exe (renamed because the original name is a hash value)
Original Sample Name: 0c8cf3050320256cbdcc32691f38181ec71a700e.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/1@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 26
• Number of non-executed functions: 6
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 09:04:32 | API Interceptor | 24x Sleep call for process: uFVtW2gkkN.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 185.81.68.147 | 52kYJGCon6.exe | malicious | MicroClip | 185.81.68.147/data.php |
| | CwQQqCmqkY.exe | malicious | MicroClip | 185.81.68.147/gg.php |
| | uFVgJVXaEU.exe | malicious | RedLine | 185.81.68.147/VzCAHn.php?2F409E82DCA61388941053 |
| | m5804Te9Uw.exe | malicious | RedLine | 185.81.68.147/VzCAHn.php?443320E440F81953448019 |
| | 3Qv3xyyL5G.exe | malicious | RedLine | 185.81.68.147/VzCAHn.php?65D35BAB97073674480464 |
| | K6qneGSDSB.exe | malicious | Babadeda, RedLine | 185.81.68.147/VzCAHn.php?616766F8886C145454191 |
| | file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 185.81.68.147/tizhyf/gate.php?232B06DEE822786254513 |
| | mggoBrtk9t.exe | malicious | Amadey, RedLine | 185.81.68.147/7vhfjke3/index.php |
| | D72j5I83wU.dll | malicious | Amadey | 185.81.68.147/7vhfjke3/index.php |
| | D72j5I83wU.dll | malicious | Amadey | 185.81.68.147/7vhfjke3/index.php |

No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| KLNOPT-ASFI | nXkktDu3Fp.exe | malicious | RedLine | 185.81.68.147 |
| | 52kYJGCon6.exe | malicious | MicroClip | 185.81.68.147 |
| | CwQQqCmqkY.exe | malicious | MicroClip | 185.81.68.147 |
| | uFVgJVXaEU.exe | malicious | RedLine | 185.81.68.147 |
| | m5804Te9Uw.exe | malicious | RedLine | 185.81.68.147 |
| | 3Qv3xyyL5G.exe | malicious | RedLine | 185.81.68.147 |
| | K6qneGSDSB.exe | malicious | Babadeda, RedLine | 185.81.68.147 |
| | file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 185.81.68.147 |
| | mggoBrtk9t.exe | malicious | Amadey, RedLine | 185.81.68.148 |
| | D72j5I83wU.dll | malicious | Amadey | 185.81.68.148 |

No context

No context
Process:C:\Users\user\Desktop\uFVtW2gkkN.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3293
Entropy (8bit):5.3364558769830905
Encrypted:false
SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5sql:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qp
MD5:4597EFE428DB18BB65EEC00E0E0EC7B1
SHA1:FC763F5655835DFA6E032D20FE81DE058DB88509
SHA-256:CC68860A21A25EDB4BDE922B5E4C1AC0D9735D5E189387E8CDC2466EEE8DEDFE
SHA-512:EE25B64D8221DAAFABA5908002725D8A9E5D851CC77D752C66A5572773A9F087C210D9C53CBC1A63C0BEFE99616D27D1373170BD6716BEC743ADD7BE5C66E07E
Malicious:true
Reputation:moderate, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
Note: the preview has the format of the CLR's per-executable assembly-binding usage log (fusion/GAC bindings and the native images loaded from NativeImages_v4.0.30319_32), which the .NET runtime writes for any managed program it runs. It is a side effect of execution rather than a payload, which is why the reputation field calls it very likely benign; its value for triage is the list of framework assemblies the sample loaded (System.Windows.Forms, System.Drawing, System.Core, System.Configuration, System.Xml).
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):5.0819550541134895
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Win16/32 Executable Delphi generic (2074/23) 0.01%
• Generic Win/DOS Executable (2004/3) 0.01%
File name:uFVtW2gkkN.exe
File size:307'712 bytes
MD5:ae16de1c6c9e15f640b4d4b04310c4be
SHA1:0c8cf3050320256cbdcc32691f38181ec71a700e
SHA256:3e1fd18a294c1e2903cce49b29b42fe5669043c6f4a7f2b4bae865b7cbc0169e
SHA512:e42b0cd82857484ed0a796c767fd7c9cfdef637d6fba9759be52c124c90eea69f0a19a10bdaf2f17efaabb2e9ee69a9f771a3f3fc394c5b79cc89462f1351f37
SSDEEP:3072:2cZqf7D341p/0+mAIkygIQQUgWsB1fA0PuTVAtkxzE/3RoeqiOL2bBOA:2cZqf7DIvnyjPB1fA0GTV8k6oL
TLSH:E4645A5833E8C910DA7F4775D861D67093B0BCA3A556E70B4FC4ACAB3D32740EA50AB6
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................
Icon Hash:4d8ea38d85a38e6d
Entrypoint:0x4302be
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
Note: the compile timestamp lies decades in the future, which is what the "Binary contains a suspicious time stamp" signature above reports. For a .NET assembly this is weaker evidence of tampering than it would be for native code: Roslyn deterministic builds fill the COFF TimeDateStamp with a value derived from the content hash rather than the build time, so future dates are common in legitimately compiled .NET binaries as well.
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Note: this import hash is the one shared by practically every .NET executable, whose only native import is mscoree!_CorExeMain. It identifies the file as a managed assembly but is useless for clustering it with other samples; use the TLSH, SSDEEP or the managed code itself for that.
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
(the previous instruction repeats 80 times in the report; the bytes following the 6-byte stub are zero, and 00 00 decodes as add byte ptr [eax], al)
Note: the only real instruction at the entry point is the standard native stub of a 32-bit .NET executable: an indirect jump through the import address table slot at 0x402000, which the loader fills with the address of mscoree!_CorExeMain. Control then passes to the CLR, which runs the managed entry point. This listing therefore says nothing about the stealer's behaviour; the RedLine logic lives in the managed code and should be read with a .NET decompiler.
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30270 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9c6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2e2c4 | 0x2e400 | 7732cc4b9685e9b7fa87f008dccb9dbc | False | 0.47498416385135134 | data | 6.1870426495782525 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x32000 | 0x1c9c6 | 0x1ca00 | a8cf3f8ff27a4a736ba8fb433d91107f | False | 0.2380765556768559 | data | 2.615031395625776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x50000 | 0xc | 0x200 | b930e640a53471bfabaa3c1506fb3c25 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x32220 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9934058898847631
RT_ICON | 0x35f24 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | | | 0.09013072282030049
RT_ICON | 0x4674c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | | | 0.13905290505432216
RT_ICON | 0x4a974 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | | | 0.17033195020746889
RT_ICON | 0x4cf1c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | | | 0.2045028142589118
RT_ICON | 0x4dfc4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | | | 0.24645390070921985
RT_GROUP_ICON | 0x4e42c | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0x4e488 | 0x352 | data | | | 0.4447058823529412
RT_MANIFEST | 0x4e7dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-31T15:04:22.839306+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:22.839306+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:23.074928+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 185.81.68.147 | 1912 | 192.168.2.4 | 49730 | TCP
2024-12-31T15:04:28.374638+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.131904+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.136762+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 185.81.68.147 | 1912 | 192.168.2.4 | 49730 | TCP
2024-12-31T15:04:29.488711+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.717720+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:29.943598+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:30.234409+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:30.239422+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:31.317347+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:31.538913+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:31.955774+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:32.262007+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:32.485963+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:33.253623+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:33.517140+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:33.870322+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.117321+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.432249+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.654092+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:34.877445+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.124264+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.342912+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.562204+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
2024-12-31T15:04:35.830981+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49730 | 185.81.68.147 | 1912 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 31, 2024 15:04:22.096101999 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:22.101038933 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:22.101164103 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:22.110114098 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:22.114918947 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:22.804653883 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:22.839306116 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:22.844238043 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:23.074928045 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:23.130440950 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:28.374638081 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:28.379529953 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.594840050 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.594928026 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.594979048 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.595006943 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:28.595029116 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.595041037 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.595047951 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:28.595110893 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:29.131903887 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:29.136761904 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.352375031 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.396096945 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:29.488711119 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:29.493597031 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.709424973 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.717720032 CET | 49730 | 1912 | 192.168.2.4 | 185.81.68.147
Dec 31, 2024 15:04:29.722613096 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.722636938 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.722649097 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.722708941 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
Dec 31, 2024 15:04:29.941241026 CET | 1912 | 49730 | 185.81.68.147 | 192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:29.943598032 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:29.948471069 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.162069082 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.208554029 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.234409094 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239331007 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239356995 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239370108 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239382029 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239401102 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239422083 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239485979 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239518881 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239537001 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239567995 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239576101 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239586115 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.239615917 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244010925 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244021893 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244045019 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244054079 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244069099 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244076014 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244126081 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244126081 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244175911 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244184971 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244220972 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244226933 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244271040 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244426012 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244436026 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244446993 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244467974 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244489908 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244493961 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244515896 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244520903 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244551897 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.244586945 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248785019 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248816967 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248853922 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248877048 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248897076 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248905897 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248960018 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248975039 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.248984098 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249033928 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249135017 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249186039 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249257088 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249265909 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249291897 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249300957 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249313116 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249334097 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249342918 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249342918 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249361992 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249363899 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249381065 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249383926 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249392033 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249403000 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249475002 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249483109 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249495029 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249504089 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249525070 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249535084 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249552965 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249576092 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249586105 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249594927 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249598980 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249629021 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249636889 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249639034 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249649048 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249660015 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249684095 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249686956 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249696016 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249707937 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249708891 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249717951 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249744892 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.249772072 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253580093 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253588915 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253648996 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253654957 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253658056 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253670931 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.253710032 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260679960 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260696888 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260705948 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260719061 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260726929 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260740042 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260762930 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260790110 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260808945 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260817051 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260833025 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260842085 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260867119 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.260875940 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.261147022 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.261230946 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264038086 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264162064 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264172077 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264292955 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264302015 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264322042 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264362097 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264439106 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264446974 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264503956 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264513016 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264586926 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264595985 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264714956 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264730930 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264740944 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264753103 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264770031 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264780998 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264791965 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264807940 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264816999 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264828920 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264870882 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264884949 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264904022 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264911890 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264933109 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264940977 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264954090 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.264962912 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265078068 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265086889 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265094042 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265096903 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265100002 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265104055 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265108109 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265110970 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265144110 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265153885 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265173912 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265182018 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265235901 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265244961 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265255928 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265266895 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265288115 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265295982 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265314102 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265324116 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265326977 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265341043 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265361071 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265614986 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.265700102 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266067028 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266079903 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266125917 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266134977 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266205072 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266216040 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266324997 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266334057 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266352892 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266366005 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266460896 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266472101 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266509056 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266515970 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266549110 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266558886 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266617060 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266627073 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266640902 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266649008 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266669989 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266683102 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266685963 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266690016 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266693115 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.266695976 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276818991 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276830912 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276838064 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276859999 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276868105 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276875973 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.276889086 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.280781031 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.280797005 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.281080008 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.281147957 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.326881886 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.327124119 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:30.375005007 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.309412003 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.317347050 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.322109938 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.535662889 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.538913012 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.543698072 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.954586029 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.955774069 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:31.962055922 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.174398899 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.224212885 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.262006998 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.266854048 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.481069088 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.485963106 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.490770102 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.704220057 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:32.755410910 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.253623009 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.258558035 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.258574963 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.258590937 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.472893000 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.517139912 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.522002935 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.735528946 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.786665916 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.870321989 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875230074 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875246048 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875269890 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875283957 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875307083 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875329018 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875349998 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875361919 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875375032 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875386953 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875408888 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875423908 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875439882 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875462055 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875473022 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875488043 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:33.875500917 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.091449976 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.117321014 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.122108936 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338077068 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338090897 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338154078 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338182926 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338207960 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338216066 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338222980 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338265896 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.338294983 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.432249069 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.437160015 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.650283098 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.654092073 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.658945084 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.872296095 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.877444983 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:34.882296085 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.096738100 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.124264002 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.129134893 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.342298985 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.342911959 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.347695112 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.561168909 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.562203884 CET497301912192.168.2.4185.81.68.147
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.567064047 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.781006098 CET191249730185.81.68.147192.168.2.4
                                                                                                                                                                                                                    Dec 31, 2024 15:04:35.830981016 CET497301912192.168.2.4185.81.68.147


Target ID: 0
Start time: 09:04:20
Start date: 31/12/2024
Path: C:\Users\user\Desktop\uFVtW2gkkN.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\uFVtW2gkkN.exe"
Imagebase: 0x1a0000
File size: 307'712 bytes
MD5 hash: AE16DE1C6C9E15F640B4D4B04310C4BE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.1683183240.00000000001A2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation: low
Has exited: true


Execution Graph

Execution Coverage: 11.9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 5.1%
Total number of Nodes: 79
Total number of Limit Nodes: 15

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID: Hhq$Hhq$Hhq$Hhq$Hhq
• API String ID: 0-1427472961
• Opcode ID: 0e3aeee82a456de9a79b12eb1cbbe367693cd502607b0b4fb88af3e7358054c2
• Instruction ID: aa53e2354e4b0034419233f50d157863eba64da81ff533cbf3f478a00307cac2
• Opcode Fuzzy Hash: 0e3aeee82a456de9a79b12eb1cbbe367693cd502607b0b4fb88af3e7358054c2
• Instruction Fuzzy Hash: D3F1AE75E04656CBCB29CF74C4502BDFBB3BF85300F29C669D506AB241EB789A85CB90

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID: $dq$$dq$$dq$$dq
• API String ID: 0-185584874
• Opcode ID: 0ed284fa56f44b3adbf01db638ea8f09b6ff59d19eb335b1377c3435b335a33d
• Instruction ID: a48b011da92113317425bca5b873bcdd83d8753fb5feaa4748d07056a2afc7f8
• Opcode Fuzzy Hash: 0ed284fa56f44b3adbf01db638ea8f09b6ff59d19eb335b1377c3435b335a33d
• Instruction Fuzzy Hash: 75C1D870E05658CFEB68DFA5C990B9EBBB2FF49300F208169D409AB295DB345D86CF50

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1842191388.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID: 0V}$0V}
• API String ID: 0-670342930
• Opcode ID: dfd34f96816ccdf26936bccabc6218dc6ce15b0a8e9314eae803e1a841bdf6f2
• Instruction ID: e1b01be3ea5cea8245cac7800eedc437f9c996238fae93f695381c56302c62db
• Opcode Fuzzy Hash: dfd34f96816ccdf26936bccabc6218dc6ce15b0a8e9314eae803e1a841bdf6f2
• Instruction Fuzzy Hash: 59329BB0B012098FDB19DB69D550BAEBBF7AF88300F1544ADE50A9B3A1CB35ED01CB51

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID: .$1
• API String ID: 0-1839485796
• Opcode ID: b9c4d5894d0cca5417fe212069144ac3593114b59df442163cbaf6fe05c39dfd
• Instruction ID: e30cc2104c7efd1847031d6858311c3821b9167ee5d48ec4c41fad4fd4bd57ac
• Opcode Fuzzy Hash: b9c4d5894d0cca5417fe212069144ac3593114b59df442163cbaf6fe05c39dfd
• Instruction Fuzzy Hash: B7F1DE74E01229CFDB68DF65C884B9DBBB2FF89301F5081A9D50AAB254DB319E85CF50

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID: $dq$$dq
• API String ID: 0-2340669324
• Opcode ID: e4cc0631988f81cd168f67fa5b9e1458cc6b4b998cc3e29f9b9c9846598d33c4
• Instruction ID: d7fb21756e8ff4f2d90f7b987bac7d8b538fbb39e43f2b8851902c1fcc05dc58
• Opcode Fuzzy Hash: e4cc0631988f81cd168f67fa5b9e1458cc6b4b998cc3e29f9b9c9846598d33c4
• Instruction Fuzzy Hash: BB91D674D01218CFDB18DFA9D594AADBBF2FF89301F608469E409AB354DB359982CF50

Control-flow Graph (figure)
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5bff317eaeeed4dc052cb9fde5aea7544117bc28513b3a7382431922b102cedd
• Instruction ID: 4c62187779d1c2c3581e782b0c3335555ef00c0678f27ddbc7532ddabb0e0971
• Opcode Fuzzy Hash: 5bff317eaeeed4dc052cb9fde5aea7544117bc28513b3a7382431922b102cedd
• Instruction Fuzzy Hash: 36C28D74A022298FCB65DF24D998B9DB7B2FB89301F1085E9D40DA7365DB34AE85CF40
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5bfaf1e6e6d8ae1353e95af347515bed7b1e9e052443365cc6636e749e2e0a1e
• Instruction ID: 403b979e64544c6ac6e0df39f7a89e3488b8f9fe4e67b572c58be9d1b7b64312
• Opcode Fuzzy Hash: 5bfaf1e6e6d8ae1353e95af347515bed7b1e9e052443365cc6636e749e2e0a1e
• Instruction Fuzzy Hash: A1829074604616CFDB65EF24E944F797BB2BF44304F1840AAD80A9B366EB309D46DFA0
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4b03c67736f654d32b3b0ba5c7fa6b8c18b30b9f111a428b863669b24891f5d6
• Instruction ID: 8102f5ea00100c5e15fadbc7db82622edba7f296022f2e244c2c4014c0166989
• Opcode Fuzzy Hash: 4b03c67736f654d32b3b0ba5c7fa6b8c18b30b9f111a428b863669b24891f5d6
• Instruction Fuzzy Hash: 2A228D74E016298FDB64DF64C890BDDB7B2BF99300F5081EAD549AB250EB306E85CF40
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aa79f7b82cb8f601fd781836a45002e80408d7b1a8a69ae34e7d8dedde18717a
• Instruction ID: 3d549e13d11321a9a4574c558b3ffefdb07f47007af33f713a08d98c7bfaec13
• Opcode Fuzzy Hash: aa79f7b82cb8f601fd781836a45002e80408d7b1a8a69ae34e7d8dedde18717a
• Instruction Fuzzy Hash: 4D91E274E01229CFDB64DFA8D984B9DBBB2BF49300F1085A9D509B7355EB30AA85CF41
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4257f4a558b57927c96fa6081c1ca5b9e208cfc7970056e6dca004d3eecf8290
• Instruction ID: 7055bde8b8454304e6299be80c8f8bba83251a555966c80675e13082061a2c5c
• Opcode Fuzzy Hash: 4257f4a558b57927c96fa6081c1ca5b9e208cfc7970056e6dca004d3eecf8290
• Instruction Fuzzy Hash: F441C3B1E01608CBEB18DFA6D95469EBBF2FF89300F24C52AD409AB254DB345946CB50

Control-flow Graph (figure)
APIs
• GetCurrentProcess.KERNEL32 ref: 00ACD136
• GetCurrentThread.KERNEL32 ref: 00ACD173
• GetCurrentProcess.KERNEL32 ref: 00ACD1B0
• GetCurrentThreadId.KERNEL32 ref: 00ACD209
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 81839c0fd4e5b9edd9478f17c1dcad43de0891c72677bdcf2954d92722a5b7f9
• Instruction ID: 7a9d5adec451e0a5160d7afce1aaa07c599f2fb65e734ef13648fa66de6490d0
• Opcode Fuzzy Hash: 81839c0fd4e5b9edd9478f17c1dcad43de0891c72677bdcf2954d92722a5b7f9
• Instruction Fuzzy Hash: 355175B09003498FDB18DFAAD548B9EBFF1EF88310F24845DE009A73A0DB745988CB65

Control-flow Graph (figure)
APIs
• GetCurrentProcess.KERNEL32 ref: 00ACD136
• GetCurrentThread.KERNEL32 ref: 00ACD173
• GetCurrentProcess.KERNEL32 ref: 00ACD1B0
• GetCurrentThreadId.KERNEL32 ref: 00ACD209
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 184456fe6be141b9318f562a9dea6995272bd38f0b5a1ab0154f320712dc29af
• Instruction ID: b043ee8f643e6f615e4b91ab06ecbdd13438be983b46439aab6f3262316d1d9d
• Opcode Fuzzy Hash: 184456fe6be141b9318f562a9dea6995272bd38f0b5a1ab0154f320712dc29af
• Instruction Fuzzy Hash: 935147B09003098FDB14DFAAD548B9EBBF1EF88310F25845DE419A73A0DB745988CF65

Control-flow Graph (rendered as an interactive graph in the original report, legend: Executed / Not Executed; the raw node and edge list is omitted here). Recoverable from that data: the function covers basic blocks 0x00ACAE30 through 0x00ACB0B0, makes internal calls into 0x00AC9838, 0x00ACB0B8 or 0x00ACB0C8, 0x00ACA814, 0x00ACA824, 0x00ACA834 and 0x00ACA844, and the GetModuleHandleW call sits in block 0x00ACB068-0x00ACB093.
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 00ACB086
Strings
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: HandleModule
• String ID: 0V}$0V}
• API String ID: 4139908857-670342930
• Opcode ID: 71ba27be3c39c040191ad5a6ca5e17a20f0dd6d208df488941e14e94295b5629
• Instruction ID: 24ad38e050f3b3f3a237a89b352bdb16d47c62c63c09b3c06cece283767f0b03
• Opcode Fuzzy Hash: 71ba27be3c39c040191ad5a6ca5e17a20f0dd6d208df488941e14e94295b5629
• Instruction Fuzzy Hash: B9815AB0A00B098FD724DF29D145B6ABBF1FF98304F01892DE48AD7A50DB75E949CB91
APIs
• CreateActCtxA.KERNEL32(?), ref: 00AC59F1
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: c41dd19a5d90cfcd00f1d88f14f53b2c2c81abe4f1798f659c423542e6dd0433
• Instruction ID: b5e31fbc8f8c29a47239d3add372c6406d29cfb97b752880c19f2bad22a490f5
• Opcode Fuzzy Hash: c41dd19a5d90cfcd00f1d88f14f53b2c2c81abe4f1798f659c423542e6dd0433
• Instruction Fuzzy Hash: D841F2B0C00659CADB24CFAAC884BDDBBF5FF45314F20815AD409AB251DB75298ACF50
APIs
• CreateActCtxA.KERNEL32(?), ref: 00AC59F1
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 9c5685b7add06ef5b8a491cef50dae59e1c660105ab9e7b93b9148eb69eb9b5a
• Instruction ID: 0459ba966e45c78d7c81640ddeb3c21c37dfc961aea9cc65ddf4eb71301cc883
• Opcode Fuzzy Hash: 9c5685b7add06ef5b8a491cef50dae59e1c660105ab9e7b93b9148eb69eb9b5a
• Instruction Fuzzy Hash: DE41D2B0C00719CADB24DFAAC844B9EBBF5FF44314F21815AD409AB251DB756989CF90
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00ACD387
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 5570d34a10296766b4ae20206375a6e00e407619f30d6c26e5b5c07725b84018
• Instruction ID: 52d35d8f84a6d6c0c3e79a3c871d555e059a87b7890e69a274a4fa5be98c42ea
• Opcode Fuzzy Hash: 5570d34a10296766b4ae20206375a6e00e407619f30d6c26e5b5c07725b84018
• Instruction Fuzzy Hash: EC2103B59002499FDB10CFAAD885AEEBFF5EB48320F14801AE958A3310C374A944CFA1
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00ACD387
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 7f990107c749446ac247de49b9a12866e4e0da2cba24575c645ae56fa75f407e
• Instruction ID: 5ae6d3861689800819189379fcb008c8608ab7f4fe0378a1385abc0e5b96ac07
• Opcode Fuzzy Hash: 7f990107c749446ac247de49b9a12866e4e0da2cba24575c645ae56fa75f407e
• Instruction Fuzzy Hash: 7321E4B59003499FDB10CF9AD985ADEFBF4EB48310F14801AE918A7350C374A954CFA5
APIs
• LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,051EFA46), ref: 051EFB4E
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: dff95334234ca3364113cece6672380cc069089388c9f88d9dfef5186705a126
• Instruction ID: 80df513283a0e583a8d5d42d4f1c472c69e40aff324f07cb937a71e65c14b4fa
• Opcode Fuzzy Hash: dff95334234ca3364113cece6672380cc069089388c9f88d9dfef5186705a126
• Instruction Fuzzy Hash: 751123B1C007098BDB20DF9AC444A9EFBF5EF88310F10845AD829A7210C379A546CFA4
APIs
• LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,051EFA46), ref: 051EFB4E
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 1eb0b71d19784d1f7549ade53473b2893b0e18629a3a99b81a03787a4c02db41
• Instruction ID: 70e9109fadd65854dc23f9d82ef20260fae6a165bd63eac6474a4b285effc129
• Opcode Fuzzy Hash: 1eb0b71d19784d1f7549ade53473b2893b0e18629a3a99b81a03787a4c02db41
• Instruction Fuzzy Hash: 971104B5C007498FDB10DF9AC444ADEFBF5EF88314F14841AD829A7210C779A546CFA5
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 00ACB086
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 2a96fd7511362a3d033c7c988c2306baf853c72f223a1b27ad592617a5eb4f0e
• Instruction ID: a9941d0d85e64b28a0ff3155c55d7a998e9fea4d0d14207de30f8958d0f29ccb
• Opcode Fuzzy Hash: 2a96fd7511362a3d033c7c988c2306baf853c72f223a1b27ad592617a5eb4f0e
• Instruction Fuzzy Hash: 1911D2B5C003498FDB10DF9AC445B9EFBF4AB88310F11845ED429B7610C376A545CFA5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1830506664.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7cd000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 02f3e8b7b2ce76a6e693d6d440606d1f80152fc2679c2c03ac3f8584a5e5311b
                                                                                                                                                                                                                      • Instruction ID: aeb38e50f1578b01d60bb8f48b8e10edf86060a3a5127c066d785a257033a382
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02f3e8b7b2ce76a6e693d6d440606d1f80152fc2679c2c03ac3f8584a5e5311b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 392102B1500280DFCB19DF04C9C0F26BB65FB94324F20C56CDE0A0A246C33AEC16C6A1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1830556062.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7dd000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 74f7f49eacb5c972d8f8cf3561263450863402ae6b5faa8d3c3586c126540379
                                                                                                                                                                                                                      • Instruction ID: 48fc40c13522400507135b40bb8a3f5a72b671c9dd55bf1eb90a6e5833b25682
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74f7f49eacb5c972d8f8cf3561263450863402ae6b5faa8d3c3586c126540379
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C21D0B5604204DFCB24DF24D9C4B26BBB5EB98314F24C96AD80A4B386C33ADC07CA61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1830556062.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7dd000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 5839eb26ba60bae6474dfd4d161bd2afd46eb70c569dfe668760f5391aa7fd46
                                                                                                                                                                                                                      • Instruction ID: 5d1613cc98bbbcafa04be5de29f9bd158519bcaad0e548433d4e70c5947de011
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5839eb26ba60bae6474dfd4d161bd2afd46eb70c569dfe668760f5391aa7fd46
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA2150755083849FCB12CF24D994715BF71EB86314F28C5EAD8498F2A7C33A9C5ACB62
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1830506664.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7cd000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                                                                                                                                      • Instruction ID: ca253c78c1021e3c333240b8ea89ca7d66056c2634cada1c0c1c3450f60ab414
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B911CA76504280DFCB16CF00D9C4B16BF72FB94324F24C2ADDD090A256C33AE95ACBA2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1830506664.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7cd000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7bb5426a307e5d21ea1aba009925edb881a09bbb8345fa426c123cf7fe7bde54
                                                                                                                                                                                                                      • Instruction ID: 154a5f547a51b5bd9ce6d4795bb16b90ac659b65217a28a2b52c06a538178337
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7bb5426a307e5d21ea1aba009925edb881a09bbb8345fa426c123cf7fe7bde54
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D401A7710093449AE7304A2ADC84F67FFD8DF55365F18C56DED090A282C77DAC40CAB1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1830506664.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7cd000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3b6b1f40a145554685bc3a3794c3dad233fbfc76d67b772417b70931a83a5d70
                                                                                                                                                                                                                      • Instruction ID: a5d6f82d9cd57f3c0a327b95ff433e7582ee7a6d14141cf0abfb13c4a8814c0e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b6b1f40a145554685bc3a3794c3dad233fbfc76d67b772417b70931a83a5d70
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EF0C272009340AAEB208A16CC84B67FFD8EB51374F18C05EED490A286C378AC44CAB0
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 0oAp
                                                                                                                                                                                                                      • API String ID: 0-730047704
                                                                                                                                                                                                                      • Opcode ID: a82c5477974a4cd37f755c9db5feda6fac64387e95caf6291d3408c6c3febd57
                                                                                                                                                                                                                      • Instruction ID: f9ba4ae017205ea3d279bfc6de7e06289f3f9e4922680313b65ab5152304f499
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a82c5477974a4cd37f755c9db5feda6fac64387e95caf6291d3408c6c3febd57
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB429D74E012288FDB64DF65C994BEDBBB2BF89300F1085E9D509AB264DB349E85CF50
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: b5798f3e33a995fffa6a6ce356b83ca9d34f1b30bdeca638de67e55220819cee
                                                                                                                                                                                                                      • Instruction ID: 79e407234fd059889d74f6511da28d6b836f72db79240251a74c2cb1471f1658
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5798f3e33a995fffa6a6ce356b83ca9d34f1b30bdeca638de67e55220819cee
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1002D174A01229CFDB64DF64C990B9DBBB2BF89300F5085E9D509AB354DB31AE85CF50
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 0d15f61bd9a1b4178e3b7c49507ee4e70906226f2d0c5c9671729aa73b4de292
                                                                                                                                                                                                                      • Instruction ID: ea1ba6fdc7edb218f6dc0b84c142ecc66cdcdd0abf534c632e2fbb3a21de4c2e
• Opcode Fuzzy Hash: 0d15f61bd9a1b4178e3b7c49507ee4e70906226f2d0c5c9671729aa73b4de292
• Instruction Fuzzy Hash: CCD11A31D2075ACACB01EB64D994A99B7B1FF95300F10CB9AE4093B225FB706AC9CB51
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bb34e72aa1d6aee156628bbfd84edd10955c697d3ecd4af451a9d3db25f2d42f
• Instruction ID: 3bf7ae11d897d76d3c56832f6b87e0bef0021b26807256598b1caf870e685e96
• Opcode Fuzzy Hash: bb34e72aa1d6aee156628bbfd84edd10955c697d3ecd4af451a9d3db25f2d42f
• Instruction Fuzzy Hash: F1D10A3592075ACACB01EB64D994AD9B7B1FF95300F10CB9AE4093B225FB706AC9CF51
Memory Dump Source
• Source File: 00000000.00000002.1838582680.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_51e0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 766b8f0c222bb492a39e7430a712ac877a2664eabf5d381e300589089d7dbc73
• Instruction ID: c68a2d309642b167ec7fb6c161436cb49f78cdd0820cf515127bae0f4c096514
• Opcode Fuzzy Hash: 766b8f0c222bb492a39e7430a712ac877a2664eabf5d381e300589089d7dbc73
• Instruction Fuzzy Hash: FFD10A3192075ACACB01EB64D994A99B7B1FF95300F10CB9AE4093B225FF706AC9CF51
Memory Dump Source
• Source File: 00000000.00000002.1831090541.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ac0000_uFVtW2gkkN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6c162ac41008f226c0bfb8c65f7e1fbc3d6489487383c630fa75a19da0341945
• Instruction ID: 9bc9a920f42f990f3b4aa0ce3541b35a472ff1b62ededd4281041ff76380a50d
• Opcode Fuzzy Hash: 6c162ac41008f226c0bfb8c65f7e1fbc3d6489487383c630fa75a19da0341945
• Instruction Fuzzy Hash: 34A14B36E002158FCF19DFB5C944A9EB7B2FF84300B16857EE806AB265DB71E955CB80