Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Nichiden Viet Nam - RFQ List & Specification..exe

Overview

General Information

Sample name:Nichiden Viet Nam - RFQ List & Specification..exe
Analysis ID:1464985
MD5:5a5469ff7562aa34384f44eee04643e1
SHA1:d894b3eb2d2cc3bcebfec296fbf5457cdd77a4b0
SHA256:64b9457cd80939e1e02d22607e1faae7787d60cc8ccff068f1b0ab2b2c1b8057
Tags:exeRedLineStealer
Infos:

Detection

PureLog Stealer, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Found many strings related to Crypto-Wallets (likely being stolen)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: AspNetCompiler Execution
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["79.110.62.113:1912"], "Bot Id": "foz", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.1996207930.0000000002F44000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000000.00000002.1996026931.0000000002A40000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            00000000.00000002.2007432511.0000000006B3A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                Click to see the 16 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6b3a910.15.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a4a8d0.12.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                    0.2.Nichiden Viet Nam - RFQ List & Specification..exe.2a40000.0.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                      0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a228b0.13.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                        0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a228b0.13.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                          Click to see the 11 entries

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: AspNetCompiler Execution
                          Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe", ParentImage: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe, ParentProcessId: 7308, ParentProcessName: Nichiden Viet Nam - RFQ List & Specification..exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 7792, ProcessName: aspnet_compiler.exe

                          Snort Signatures

                          Timestamp:07/01/24-04:17:42.877892
                          SID:2043231
                          Source Port:49738
                          Destination Port:1912
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:07/01/24-04:17:32.870053
                          SID:2046045
                          Source Port:49738
                          Destination Port:1912
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:07/01/24-04:17:33.051547
                          SID:2043234
                          Source Port:1912
                          Destination Port:49738
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:07/01/24-04:17:38.297384
                          SID:2046056
                          Source Port:1912
                          Destination Port:49738
                          Protocol:TCP
                          Classtype:A Network Trojan was detected

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Found malware configuration
                          Source: 4.2.aspnet_compiler.exe.400000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["79.110.62.113:1912"], "Bot Id": "foz", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                          Multi AV Scanner detection for submitted file
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeReversingLabs: Detection: 16%
                          AI detected suspicious sample
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                          Machine Learning detection for sample
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeJoe Sandbox ML: detected
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 104.21.96.103:443 -> 192.168.2.4:49731 version: TLS 1.2
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003D83000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2006632050.00000000058F0000.00000004.08000000.00040000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003D83000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2006632050.00000000058F0000.00000004.08000000.00040000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdbSHA256}Lq source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdb source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmp
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4x nop then jmp 0743E685h4_2_0743E2A9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4x nop then jmp 0743E685h4_2_0743E2B8

                          Networking

                          barindex
                          Snort IDS alert for network traffic
                          Source: TrafficSnort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49738 -> 79.110.62.113:1912
                          Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49738 -> 79.110.62.113:1912
                          Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 79.110.62.113:1912 -> 192.168.2.4:49738
                          Source: TrafficSnort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 79.110.62.113:1912 -> 192.168.2.4:49738
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: 79.110.62.113:1912
                          Source: global trafficTCP traffic: 192.168.2.4:49738 -> 79.110.62.113:1912
                          Source: global trafficHTTP traffic detected: GET /wp-includes/css/dist/preferences/Megugedjf.mp4 HTTP/1.1Host: fff.new-vlog.topConnection: Keep-Alive
                          Source: Joe Sandbox ViewASN Name: LASOTELFR LASOTELFR
                          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global trafficHTTP traffic detected: GET /wp-includes/css/dist/preferences/Megugedjf.mp4 HTTP/1.1Host: fff.new-vlog.topConnection: Keep-Alive
                          Source: global trafficDNS traffic detected: DNS query: fff.new-vlog.top
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003391000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003DF9000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2120295587.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fff.new-vlog.top
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeString found in binary or memory: https://fff.new-vlog.top/wp-includes/css/dist/preferences/Megugedjf.mp4
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002FD9000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                          Source: unknownHTTPS traffic detected: 104.21.96.103:443 -> 192.168.2.4:49731 version: TLS 1.2

                          System Summary

                          barindex
                          Initial sample is a PE file and has a suspicious name
                          Source: initial sampleStatic PE information: Filename: Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_02AC33680_2_02AC3368
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_02AC40400_2_02AC4040
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_02AC30200_2_02AC3020
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_058E05580_2_058E0558
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_058E05680_2_058E0568
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_0866D9E00_2_0866D9E0
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_086500400_2_08650040
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_086500210_2_08650021
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_0866CE280_2_0866CE28
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0141DC744_2_0141DC74
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0559EE584_2_0559EE58
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_055988504_2_05598850
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_055900404_2_05590040
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_055900064_2_05590006
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_055988404_2_05598840
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074336D94_2_074336D9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743450F4_2_0743450F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743F4E04_2_0743F4E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074361E04_2_074361E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743F0784_2_0743F078
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074350904_2_07435090
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_07433EB34_2_07433EB3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_07435A984_2_07435A98
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074349934_2_07434993
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743F4D04_2_0743F4D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743E2A94_2_0743E2A9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743E2B84_2_0743E2B8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074300404_2_07430040
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743F06B4_2_0743F06B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074300064_2_07430006
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743508B4_2_0743508B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_07432E504_2_07432E50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_07432E604_2_07432E60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743CA104_2_0743CA10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_07432AA04_2_07432AA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074309494_2_07430949
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_074309584_2_07430958
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0743C9FF4_2_0743C9FF
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1995711892.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002C1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003D83000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2006632050.00000000058F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQrcpvwzk.dll" vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2011758594.0000000007730000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameQrcpvwzk.dll" vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000000.1653475130.0000000000726000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNewtry.exe> vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003CB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.00000000048A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQrcpvwzk.dll" vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003E59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeBinary or memory string: OriginalFilenameNewtry.exe> vs Nichiden Viet Nam - RFQ List & Specification..exe
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/2@1/2
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Nichiden Viet Nam - RFQ List & Specification..exe.logJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: NULL
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeReversingLabs: Detection: 16%
                          Source: unknownProcess created: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe "C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe"
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: Nichiden Viet Nam - RFQ List & Specification..exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003D83000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2006632050.00000000058F0000.00000004.08000000.00040000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003D83000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2006632050.00000000058F0000.00000004.08000000.00040000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdbSHA256}Lq source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdb source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmp

                          Data Obfuscation

                          barindex
                          .NET source code contains potential unpacker
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3bd9550.7.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3bd9550.7.raw.unpack, ListDecorator.cs.Net Code: Read
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3bd9550.7.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3bd9550.7.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3bd9550.7.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.58f0000.11.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d83760.8.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                          Source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3d33740.6.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                          Yara detected Costura Assembly Loader
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6b3a910.15.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a4a8d0.12.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.2a40000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a228b0.13.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a228b0.13.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a4a8d0.12.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.6a9a8f0.14.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1996207930.0000000002F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1996026931.0000000002A40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2007432511.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: Nichiden Viet Nam - RFQ List & Specification..exe PID: 7308, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_02ACCFDC push ebx; iretd 0_2_02ACCFDD
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_086531AF push ebp; iretd 0_2_086531B2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 4_2_0559D442 push eax; ret 4_2_0559D451
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeFile created: \nichiden viet nam - rfq list & specification..exe
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeFile created: \nichiden viet nam - rfq list & specification..exeJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          barindex
                          Yara detected AntiVM3
                          Source: Yara matchFile source: Process Memory Space: Nichiden Viet Nam - RFQ List & Specification..exe PID: 7308, type: MEMORYSTR
                          Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL@\^Q0SELECT * FROM WIN32_BIOS
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL@\^Q
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: EXPLORER;SBIEDLL.DLL<SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE=VERSION>SERIALNUMBER@VMWARE|VIRTUAL|A M I|XENASELECT * FROM WIN32_COMPUTERSYSTEMBMANUFACTURERCMODELDMICROSOFT|VMWARE|VIRTUALEJOHNFANNAGXXXXXXXX
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeMemory allocated: DC0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeMemory allocated: 2BD0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeMemory allocated: 2A40000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeMemory allocated: 65E0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeMemory allocated: 75E0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 3070000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2FB0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeWindow / User API: threadDelayed 1234Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeWindow / User API: threadDelayed 3899Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 498Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 6180Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -9223372036854770s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -100000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7368Thread sleep count: 1234 > 30Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99875s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7368Thread sleep count: 3899 > 30Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99766s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99656s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99547s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99437s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99324s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99219s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -99110s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98985s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98860s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98735s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98457s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98213s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98109s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -98000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97891s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97781s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97672s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97563s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97438s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97313s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7340Thread sleep time: -97203s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7352Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe TID: 7328Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7872Thread sleep time: -21213755684765971s >= -30000sJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7812Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 100000Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99875Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99766Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99656Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99547Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99437Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99324Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99219Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 99110Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98985Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98860Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98735Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98457Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98213Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98109Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 98000Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97891Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97781Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97672Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97563Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97438Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97313Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 97203Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware\V
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual@\^q
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwareLR^q
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareLR^qD=
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 7BZ7O TVX9DA2UH1@\^q0VMware|VIRTUAL|A M I|Xen
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWareLR^q
                          Source: aspnet_compiler.exe, 00000004.00000002.2122806849.0000000001217000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xent-^q
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: explorer;SbieDll.dll<select * from Win32_BIOS8Unexpected WMI query failure=version>SerialNumber@VMware|VIRTUAL|A M I|XenAselect * from Win32_ComputerSystemBmanufacturerCmodelDMicrosoft|VMWare|VirtualEjohnFannaGxxxxxxxx
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: S24RtUp BaXvPHo k9kor6uY@\^q0Microsoft|VMWare|Virtual
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q 1:en-CH:Microsoft|VMWare|Virtual
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002C1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ^qEmu
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002C1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ^qemu
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1995711892.0000000000EA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002DAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q 1:en-CH:VMware|VIRTUAL|A M I|Xen
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information queried: ProcessInformationJump to behavior

                          Anti Debugging

                          barindex
                          Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeCode function: 0_2_02AC0CF0 CheckRemoteDebuggerPresent,0_2_02AC0CF0
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeMemory allocated: page read and write | page guardJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeQueries volume information: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: aspnet_compiler.exe, 00000004.00000002.2142643936.00000000070E5000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2122383927.00000000011CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          barindex
                          Yara detected PureLog Stealer
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.46cbe18.4.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.7730000.16.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.48fc640.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.46cbe18.4.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.48fc640.3.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.7730000.16.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2011758594.0000000007730000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.00000000048A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.0000000003EA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Yara detected RedLine Stealer
                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3e16f10.10.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3e16f10.10.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.0000000003DF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.2120295587.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: Nichiden Viet Nam - RFQ List & Specification..exe PID: 7308, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 7792, type: MEMORYSTR
                          Found many strings related to Crypto-Wallets (likely being stolen)
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\walletsLR^q ]/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR^qps/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR^q8h/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR^qps/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q%appdata%`,^qdC:\Users\user\AppData\Roaming`,^qdC:\Users\user\AppData\Roaming\Binance
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR^q8h/
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q&%localappdata%\Coinomi\Coinomi\walletsLR^q
                          Source: aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                          Source: Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
                          Tries to harvest and steal browser information (history, passwords, etc)
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                          Tries to steal Crypto Currency Wallets
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                          Source: Yara matchFile source: 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 7792, type: MEMORYSTR

                          Remote Access Functionality

                          barindex
                          Yara detected PureLog Stealer
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.46cbe18.4.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.7730000.16.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.48fc640.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.46cbe18.4.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.48fc640.3.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.7730000.16.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2011758594.0000000007730000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.00000000048A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.0000000003EA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Yara detected RedLine Stealer
                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3e16f10.10.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Nichiden Viet Nam - RFQ List & Specification..exe.3e16f10.10.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.0000000003DF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.2120295587.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1997975874.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: Nichiden Viet Nam - RFQ List & Specification..exe PID: 7308, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 7792, type: MEMORYSTR

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity InformationAcquire InfrastructureValid Accounts241
                          Windows Management Instrumentation                          		1
                          Scheduled Task/Job                          		11
                          Process Injection                          		1
                          Masquerading                          		1
                          OS Credential Dumping                          		1
                          Query Registry                          		Remote Services1
                          Archive Collected Data                          		11
                          Encrypted Channel                          		Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault Accounts1
                          Scheduled Task/Job                          		1
                          DLL Side-Loading                          		1
                          Scheduled Task/Job                          		1
                          Disable or Modify Tools                          		LSASS Memory451
                          Security Software Discovery                          		Remote Desktop Protocol3
                          Data from Local System                          		1
                          Non-Standard Port                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                          DLL Side-Loading                          		261
                          Virtualization/Sandbox Evasion                          		Security Account Manager1
                          Process Discovery                          		SMB/Windows Admin SharesData from Network Shared Drive1
                          Ingress Tool Transfer                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                          Process Injection                          		NTDS261
                          Virtualization/Sandbox Evasion                          		Distributed Component Object ModelInput Capture2
                          Non-Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                          Obfuscated Files or Information                          		LSA Secrets1
                          Application Window Discovery                          		SSHKeylogging13
                          Application Layer Protocol                          		Scheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                          Software Packing                          		Cached Domain Credentials133
                          System Information Discovery                          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                          DLL Side-Loading                          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          Nichiden Viet Nam - RFQ List & Specification..exe16%ReversingLabs
                          Nichiden Viet Nam - RFQ List & Specification..exe100%Joe Sandbox ML

                          Dropped Files

                          No Antivirus matches

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          No Antivirus matches

                          URLs

                          SourceDetectionScannerLabelLink
                          http://tempuri.org/0%URL Reputationsafe
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                          https://api.ip.sb/ip0%URL Reputationsafe
                          https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
                          http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
                          http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust0%URL Reputationsafe
                          http://tempuri.org/Entity/Id2Response0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha10%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id12Response0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/sc/sct0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id23ResponseD0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id21Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id90%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id50%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id80%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id40%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id60%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id19Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id70%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/fault0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat0%Avira URL Cloudsafe
                          https://fff.new-vlog.top0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id15Response0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id6Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id1ResponseD0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/sc0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id9Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id220%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id200%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA10%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id210%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA10%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id240%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id230%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id24Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id1Response0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id100%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/trust0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id110%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id16Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id120%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id140%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id130%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id160%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id170%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id150%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id190%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id5Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id180%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id10Response0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id8Response0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/Renew0%Avira URL Cloudsafe
                          https://github.com/mgravell/protobuf-netJ0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.00%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentity0%Avira URL Cloudsafe
                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA10%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id3ResponseD0%Avira URL Cloudsafe
                          http://tempuri.org/Entity/Id23Response0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/06/addressingex0%Avira URL Cloudsafe
                          http://tempuri.org/D0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/10/wscoor0%Avira URL Cloudsafe
                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce0%Avira URL Cloudsafe

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          fff.new-vlog.top
                          		104.21.96.103
                          		truefalse
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Textaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/sc/sctaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id23ResponseDaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003391000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id12Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://tempuri.org/Entity/Id2Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id21Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id9aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id8aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id5aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepareaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id4aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id7aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id6aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id19Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issueaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/faultaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsataspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://fff.new-vlog.topNichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002BD1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id15Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registeraspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id6Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://api.ip.sb/ipNichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003DF9000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2120295587.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://stackoverflow.com/q/14436606/23354Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002FD9000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/scaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id1ResponseDaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id9Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id20aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id21aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id22aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id23aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id24aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issueaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id24Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id1Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/08/addressingaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/trustaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id10aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id11aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id12aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id16Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id13aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id14aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id15aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id16aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/Nonceaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id17aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id18aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id5Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id19aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id10Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/Renewaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id8Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://github.com/mgravell/protobuf-netJNichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003C29000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.1997975874.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Nichiden Viet Nam - RFQ List & Specification..exe, 00000000.00000002.2016163520.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentityaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/soap/envelope/aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/02/trustaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id3ResponseDaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003391000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Entity/Id23Responseaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.2124030674.0000000003071000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/Daspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/06/addressingexaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/10/wscooraspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonceaspnet_compiler.exe, 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            104.21.96.103
                            		fff.new-vlog.topUnited States
                            		13335CLOUDFLARENETUSfalse
                            79.110.62.113
                            		unknownGermany
                            		39180LASOTELFRtrue

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1464985
                            Start date and time:2024-07-01 04:16:06 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 47s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:7
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Nichiden Viet Nam - RFQ List & Specification..exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@3/2@1/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 97%
                            • Number of executed functions: 154
                            • Number of non-executed functions: 9
                            Cookbook Comments:
                            • Found application associated with file extension: .exe

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: Nichiden Viet Nam - RFQ List & Specification..exe

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            22:16:55API Interceptor24x Sleep call for process: Nichiden Viet Nam - RFQ List & Specification..exe modified
                            22:17:37API Interceptor37x Sleep call for process: aspnet_compiler.exe modified

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            fff.new-vlog.topKyeryong Construction - Products List & Spec.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                            • 172.67.176.150

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            CLOUDFLARENETUShttp://muskevents.ioGet hashmaliciousUnknownBrowse
                            • 104.21.78.148
                            arrival notice_pdf.exeGet hashmaliciousFormBookBrowse
                            • 188.114.97.3
                            https://privateinvitationletter.ru/messgae/inboxview/letter/jmgGet hashmaliciousHTMLPhisherBrowse
                            • 104.18.10.207
                            d5raNaLQ8Q.exeGet hashmaliciousXmrigBrowse
                            • 104.20.3.235
                            https://oss1stop.com/assets/layer3.htmlGet hashmaliciousPhisherBrowse
                            • 104.17.2.184
                            https://hamids-worker.hamidyousefi93.workers.dev/Get hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            https://jiedian.dadabing023.workers.dev/Get hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            https://t4ha7.shop/Get hashmaliciousUnknownBrowse
                            • 104.17.25.14
                            https://worker-aliggggg.farnazmonsef1.workers.dev/Get hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exeGet hashmaliciousSnake KeyloggerBrowse
                            • 188.114.97.3
                            LASOTELFRcopy_76499Kxls.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                            • 79.110.62.35
                            Invoice 78284722.docGet hashmaliciousRemcosBrowse
                            • 79.110.62.77
                            V4ybHAFrDb.exeGet hashmaliciousRemcosBrowse
                            • 79.110.62.77
                            EUR-32608-Swift.docGet hashmaliciousRemcosBrowse
                            • 79.110.62.77
                            HVuACIbZyx.exeGet hashmaliciousRemcosBrowse
                            • 79.110.62.77
                            WgfKZuubQ8.ps1Get hashmaliciousAsyncRATBrowse
                            • 79.110.62.189
                            Stub.exeGet hashmaliciousAsyncRATBrowse
                            • 79.110.62.189
                            especificaciones.exeGet hashmaliciousRemcosBrowse
                            • 79.110.62.168
                            jsREvm3FE5.elfGet hashmaliciousMiraiBrowse
                            • 79.110.62.138
                            SecuriteInfo.com.Win32.BotX-gen.12911.31840.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                            • 79.110.62.83

                            JA3 Fingerprints

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            3b5074b1b5d032e5620f69f9f700ff0ed5raNaLQ8Q.exeGet hashmaliciousXmrigBrowse
                            • 104.21.96.103
                            http://pub-a4db5d6837084a76bc5f6d9216e7e57d.r2.dev/a38.htmlGet hashmaliciousUnknownBrowse
                            • 104.21.96.103
                            http://pub-5e86a1f01e5a4476812e4d108add0587.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                            • 104.21.96.103
                            https://serviceca11he1pn0waa12.pages.dev/Get hashmaliciousTechSupportScamBrowse
                            • 104.21.96.103
                            http://nvbvnco.com/WRRLDW5DIANCLHOTJC1TSG1L2P/loginGet hashmaliciousUnknownBrowse
                            • 104.21.96.103
                            http://nvbvnco.com/XW8MP7PHRZXQRUDHA1I15R7SOS/loginGet hashmaliciousUnknownBrowse
                            • 104.21.96.103
                            http://sites.google.com/l0gin-microsoftwebonlne.app/867487/Get hashmaliciousUnknownBrowse
                            • 104.21.96.103
                            DHL Arrival Notice.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.96.103
                            agDEHyYcqv.exeGet hashmaliciousDCRatBrowse
                            • 104.21.96.103
                            a.exeGet hashmaliciousUnknownBrowse
                            • 104.21.96.103

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Nichiden Viet Nam - RFQ List & Specification..exe.log

                            Download File
                            Process:C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1459
                            Entropy (8bit):5.357867833060924
                            Encrypted:false
                            SSDEEP:24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeRE4Kx1qE4qpsXE4qdKm:MxHKlYHKh3owH8tHo6hAHKzeRHKx1qHW
                            MD5:A773BB5737D2A64BDB410F2E8FB75AE4
                            SHA1:376EEAB4713E33649D2173B61BB04E0783E26AE0
                            SHA-256:C1A11C048FF076862518318A5F07D95CFA07AE8B23552DA5CF627AA7A023CCF5
                            SHA-512:66E6C2A97ABC2481F330676B5AB195BB5CD6DC2A0726C4109ED95EA3561E73DD345F8C87994132E985CC19A8CDD8FC9CEE290B88415F5D9AA21591F65B6893C8
                            Malicious:true
                            Reputation:moderate, very likely benign file
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):3094
                            Entropy (8bit):5.33145931749415
                            Encrypted:false
                            SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                            MD5:2A56468A7C0F324A42EA599BF0511FAF
                            SHA1:404B343A86EDEDF5B908D7359EB8AA957D1D4333
                            SHA-256:6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
                            SHA-512:19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):5.744773406075092
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            • Win32 Executable (generic) a (10002005/4) 49.78%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            • DOS Executable Generic (2002/1) 0.01%
                            File name:Nichiden Viet Nam - RFQ List & Specification..exe
                            File size:188'416 bytes
                            MD5:5a5469ff7562aa34384f44eee04643e1
                            SHA1:d894b3eb2d2cc3bcebfec296fbf5457cdd77a4b0
                            SHA256:64b9457cd80939e1e02d22607e1faae7787d60cc8ccff068f1b0ab2b2c1b8057
                            SHA512:51b9e53654e79a14e57e03200b38285f4218c62d68929cfecbeb02296386f2266edc324e619925d981de0e9285c2a5acbba1126dfa0d1d484e1627c438ce5aec
                            SSDEEP:1536:AfLsxO9kR8Bx09kANXrA32aF5D1osgrvzsVxI:xO9KUTF3LFx1osMveI
                            TLSH:1304BA81A200BAA9D9FD66F858DE1474857F7D029F83136E128F7172CB3E760293E51E
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................$..........2B... ...`....@.. .......................@............`................................

                            File Icon

                            Icon Hash:438d7d31c4c46923

                            Static PE Info

                            General

                            Entrypoint:0x404232
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0x66821F2E [Mon Jul 1 03:14:54 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x41e80x4a.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x2b77e.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x320000xc.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000x22380x2400799158b1c66d25619f87823aaaebbd0dFalse0.5494791666666666data5.597142208658783IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc0x60000x2b77e0x2b8007cab09c9d0bb0bfbd657b66f4f903176False0.20756443067528735data5.65586942582949IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0x320000xc0x200b3954b9f046ecab4afdd8358909a5c20False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_ICON0x60ac0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m0.6365248226950354
                            RT_ICON0x65380x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m0.4512295081967213
                            RT_ICON0x6ee40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m0.37617260787992496
                            RT_ICON0x7fb00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m0.24190871369294606
                            RT_ICON0xa57c0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m0.17820028341993388
                            RT_ICON0xe7c80x5488Device independent bitmap graphic, 72 x 144 x 32, image size 20736, resolution 3779 x 3779 px/m0.15753234750462108
                            RT_ICON0x13c740x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 3779 x 3779 px/m0.12142631910868194
                            RT_ICON0x1d1400x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m0.09030817461256359
                            RT_ICON0x2d98c0x36fePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9813894019036795
                            RT_GROUP_ICON0x310c60x84data0.7196969696969697
                            RT_VERSION0x311860x3d2data0.41513292433537835
                            RT_MANIFEST0x315940x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                            Imports

                            DLLImport
                            mscoree.dll_CorExeMain

                            Network Behavior

                            Snort IDS Alerts

                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                            07/01/24-04:17:42.877892TCP2043231ET TROJAN Redline Stealer TCP CnC Activity497381912192.168.2.479.110.62.113
                            07/01/24-04:17:32.870053TCP2046045ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)497381912192.168.2.479.110.62.113
                            07/01/24-04:17:33.051547TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response19124973879.110.62.113192.168.2.4
                            07/01/24-04:17:38.297384TCP2046056ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)19124973879.110.62.113192.168.2.4

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jul 1, 2024 04:16:57.073133945 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.073157072 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.073230028 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.085361958 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.085372925 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.580826044 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.581058979 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.587280989 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.587289095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.587538004 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.628007889 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.679240942 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.720499992 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789513111 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789560080 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789587975 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789618015 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789637089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789664030 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789712906 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789722919 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.789722919 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.789722919 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.789736986 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.789781094 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.790013075 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.790062904 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.790105104 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.790112019 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.794250011 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.794305086 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.794311047 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.846888065 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.879959106 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880062103 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880116940 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880141020 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880171061 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880193949 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880213976 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.880213976 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.880223036 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880235910 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.880924940 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880961895 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.880979061 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.880985022 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881009102 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881022930 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.881027937 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881077051 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.881781101 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881856918 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881886959 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881906033 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.881911039 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881941080 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.881952047 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.881958961 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.882009029 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.882771969 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.882853985 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.882894039 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.882908106 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.882914066 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.882956028 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.882960081 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.924866915 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.924875975 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970554113 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970591068 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970614910 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970653057 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970690966 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970735073 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.970735073 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.970757008 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.970787048 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.971219063 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971251011 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971271038 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.971275091 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971297026 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.971383095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971431971 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971431971 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.971442938 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971476078 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971484900 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.971489906 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.971518040 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.971544981 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.972160101 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.972193956 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.972219944 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.972227097 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.972238064 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.972269058 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.972366095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.972420931 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.973005056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973036051 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973059893 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.973062992 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973082066 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.973177910 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973236084 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.973242044 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973289013 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.973309994 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973366976 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:57.973911047 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:57.973963976 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061249018 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061357021 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061388969 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061402082 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061414003 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061449051 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061470985 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061520100 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061659098 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061696053 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061701059 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061769009 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061885118 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.061937094 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.061989069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.062064886 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.062134027 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.062186956 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.062530041 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.062585115 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.062621117 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.062665939 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.062735081 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.062787056 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.062890053 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.062949896 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.062972069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063028097 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.063047886 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063153982 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.063499928 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063575983 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.063636065 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063697100 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.063715935 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063771963 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.063872099 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063924074 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.063924074 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.063935041 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064002991 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.064460993 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064517021 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064522028 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.064527988 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064574957 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.064682961 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064733028 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.064789057 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064836025 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.064879894 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.064918995 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.064951897 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.065427065 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.065592051 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.065593958 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.065602064 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.065643072 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.092197895 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.151875019 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.151942968 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.151974916 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.151985884 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.152178049 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.152256012 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.152272940 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.152350903 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.152350903 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.152358055 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.152391911 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.152887106 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.152901888 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.152977943 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.152983904 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153017998 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.153348923 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153364897 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153450966 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.153460979 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153513908 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.153734922 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153749943 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153820038 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.153824091 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.153863907 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.159358978 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.159375906 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.159435034 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.159442902 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.159497023 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.159909964 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.159925938 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.160021067 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.160027981 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.160136938 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.160389900 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.160403967 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.160469055 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.160475016 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.160516024 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.176879883 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.242667913 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.242690086 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.242913961 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.242928982 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.242980957 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.243154049 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.243169069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.243233919 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.243237972 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.243283987 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.243643045 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.243658066 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.243752003 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.243756056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.243807077 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.244133949 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.244148970 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.244204998 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.244210958 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.244250059 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.244518995 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.244534016 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.244606972 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.244611025 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.244653940 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.245016098 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245031118 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245081902 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.245085955 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245126009 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.245471001 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245486021 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245537996 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.245542049 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245578051 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.245876074 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245889902 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.245978117 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.245984077 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.246037960 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.247498035 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.332937002 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.332984924 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.333158970 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.333178997 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.333388090 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.333635092 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.333656073 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.333760977 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.333766937 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.333806992 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.334188938 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.334203959 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.334271908 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.334275961 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.334372997 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.334652901 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.334667921 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.334732056 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.334738016 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.334779978 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335028887 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335047007 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335103035 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335109949 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335170984 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335445881 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335460901 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335525036 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335529089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335571051 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335613012 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335633993 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335665941 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335671902 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.335715055 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.335715055 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.336025000 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.336040020 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.336149931 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.336154938 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.336189985 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.375528097 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.423593998 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.423648119 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.423835993 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.423846960 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.423902035 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.424354076 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.424369097 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.424439907 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.424444914 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.424510956 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425015926 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425030947 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425086975 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425091028 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425137997 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425482035 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425498009 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425539970 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425544024 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425573111 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425606012 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425827026 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425842047 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425909042 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.425913095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.425957918 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.426134109 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.426239014 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.426254034 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.426318884 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.426325083 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.426367044 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.426624060 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.426639080 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.426702976 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.426707029 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.426774979 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.427061081 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.427077055 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.427133083 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.427139044 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.427190065 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.430965900 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.514354944 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.514399052 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.514451027 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.514456034 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.514658928 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.514658928 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.514883995 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.514903069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.514981985 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.514986038 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.515026093 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.515484095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.515497923 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.515574932 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.515579939 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.515625954 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.515989065 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516005039 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516099930 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.516103983 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516144991 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.516438007 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516452074 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516515970 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.516520977 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516576052 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.516967058 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.516982079 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517095089 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.517101049 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517158985 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.517357111 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517371893 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517528057 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.517534018 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517577887 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.517726898 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517741919 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517812967 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.517818928 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.517893076 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.606153011 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606169939 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606230974 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.606239080 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606278896 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.606484890 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606501102 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606584072 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.606589079 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606623888 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.606921911 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606935978 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606977940 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.606981993 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.606995106 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.607037067 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.607348919 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.607363939 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.607422113 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.607426882 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.607475042 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.607781887 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.607798100 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.607856989 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.607861996 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.607912064 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.608149052 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.608167887 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.608217955 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.608222961 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.608262062 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.608678102 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.608731985 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.608766079 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.608769894 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.608798027 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.608814955 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.609034061 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.609054089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.609121084 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.609127045 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.609163046 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.696896076 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.696914911 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697052002 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697208881 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.697208881 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.697231054 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697307110 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.697547913 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697561026 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697675943 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.697681904 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697853088 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697873116 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.697937012 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.697937012 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.697943926 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698219061 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698235989 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698349953 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.698355913 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698653936 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698672056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698738098 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.698741913 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.698996067 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.699007988 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.699124098 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.699129105 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.699412107 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.699431896 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.699484110 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.699489117 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.699507952 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.753262043 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.787250996 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.787269115 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.787305117 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.787380934 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.787452936 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.787453890 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.787460089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.787501097 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.787962914 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.787977934 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.788053989 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.788058043 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.788096905 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.788489103 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.788503885 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.788599014 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.788603067 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.788651943 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.788928032 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.788942099 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789016962 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.789021969 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789094925 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.789336920 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789351940 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789434910 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.789441109 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789526939 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.789753914 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789777994 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789820910 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.789825916 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.789855957 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.789897919 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.790143967 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.790164948 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.790236950 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.790244102 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.790298939 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.790440083 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.790455103 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.790544033 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.790549040 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.790591002 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.827548027 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.827753067 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.827758074 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878089905 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.878361940 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878371954 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878408909 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878437042 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.878441095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878447056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878465891 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.878552914 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.878710985 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878731966 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878818035 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.878822088 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.878868103 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.879044056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879059076 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879112005 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.879117012 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879160881 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.879570961 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879587889 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879642963 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.879647970 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879693031 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.879849911 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879864931 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.879945993 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.879951000 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880021095 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.880183935 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880198002 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880261898 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.880269051 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880311966 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.880585909 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880600929 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880675077 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.880678892 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.880732059 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.918279886 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.918298006 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.918392897 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.918405056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.918447971 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.969362020 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.969378948 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.969435930 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.969444990 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.969573975 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.969623089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.969638109 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.969697952 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.969734907 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.969738960 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.969789028 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.970122099 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970138073 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970201015 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.970205069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970248938 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.970429897 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970444918 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970500946 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.970506907 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970525980 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.970571041 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.970877886 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.970891953 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971002102 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971009016 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971050978 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971191883 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971205950 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971234083 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971292019 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971296072 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971354008 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971718073 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971733093 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971760988 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971791029 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:58.971795082 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:58.971834898 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.009761095 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.009777069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.009963989 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.009974003 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.010021925 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.060338020 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.060359955 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.060425997 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.060435057 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.060477972 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.061872005 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.061906099 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.061953068 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.061958075 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062004089 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.062308073 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062324047 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062386990 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.062391996 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062433004 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.062685013 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062700987 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062760115 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.062766075 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.062812090 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.063746929 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.063761950 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.063822985 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.063828945 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.063874006 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.064143896 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.064157963 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.064218998 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.064223051 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.064263105 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.064583063 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.064600945 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.064651012 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.064655066 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.064693928 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.099916935 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.099934101 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.100022078 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.100029945 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.100222111 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.151262045 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.151277065 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.151588917 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.151613951 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.151668072 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.151704073 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.151719093 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.151779890 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.151786089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.151829958 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.152183056 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.152198076 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.152264118 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.152268887 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.152312994 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.152662992 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.152677059 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.152741909 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.152749062 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.152791023 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.153158903 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153173923 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153237104 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.153242111 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153287888 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.153562069 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153577089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153635979 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.153640985 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153682947 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.153920889 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153935909 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.153995991 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.154000044 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.154037952 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.190660000 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.190675020 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.190856934 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.190864086 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.190911055 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.241873980 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.241889954 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.241991997 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.242001057 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242060900 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.242367029 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242389917 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242448092 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.242453098 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242490053 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.242852926 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242872000 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242937088 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.242940903 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.242990017 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.243313074 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.243326902 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.243391037 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.243395090 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.243451118 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.243700027 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.243715048 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.243773937 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.243778944 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.243822098 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.244163990 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.244177103 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.244245052 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.244249105 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.244294882 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.244600058 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.244613886 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.244678974 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.244683027 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.244719982 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.281430006 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.281446934 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.281614065 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.281620979 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.281668901 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.332891941 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.332918882 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.332995892 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.333004951 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333059072 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.333317995 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333334923 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333410025 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.333415985 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333456993 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.333631992 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333646059 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333693027 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.333697081 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.333741903 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.334074974 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334089994 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334153891 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.334160089 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334209919 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.334455013 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334470034 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334532976 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.334538937 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334584951 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.334901094 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334917068 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.334980011 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.334984064 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.335026026 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.335304976 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.335319996 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.335386038 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.335390091 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.335436106 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.375293016 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.375308990 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.375443935 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.375448942 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.375617981 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.423415899 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.423429966 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.423727036 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.423732042 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.423763990 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.423783064 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.423783064 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.423794031 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.423818111 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.423858881 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.424175024 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.424186945 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.424259901 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.424264908 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.424324036 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.424647093 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.424659967 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.424727917 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.424732924 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.424777985 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425040960 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425055027 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425121069 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425126076 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425170898 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425542116 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425565004 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425606012 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425611019 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425636053 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425666094 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425728083 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425743103 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425802946 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.425807953 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.425847054 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.465905905 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.465920925 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.466047049 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.466053963 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.466208935 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.514188051 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514202118 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514302969 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.514316082 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514367104 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.514554977 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514568090 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514635086 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.514645100 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514688969 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.514977932 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.514991999 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515064001 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.515069008 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515105009 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.515449047 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515461922 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515532970 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.515538931 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515573025 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.515671968 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515685081 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515755892 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.515760899 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.515831947 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.516086102 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.516099930 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.516165972 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.516170979 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.516213894 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.516309023 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.516340017 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.516375065 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.516379118 CEST44349731104.21.96.103192.168.2.4
                            Jul 1, 2024 04:16:59.516426086 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:16:59.518907070 CEST49731443192.168.2.4104.21.96.103
                            Jul 1, 2024 04:17:31.479919910 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:31.485218048 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:31.485316038 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:31.493578911 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:31.498408079 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:32.812685966 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:32.862422943 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:32.870053053 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:32.874963045 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:33.051547050 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:33.096935034 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:38.100337029 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:38.105356932 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:38.297384024 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:38.297410011 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:38.297426939 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:38.297441959 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:38.297458887 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:38.297506094 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:38.297555923 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.736710072 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.741813898 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.741853952 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.741882086 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.741898060 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.741911888 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.741914988 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.741942883 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.741952896 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.741962910 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.741991997 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.741997004 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.742046118 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.742049932 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.742073059 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.742084980 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.742100954 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.742122889 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.742139101 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.742147923 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.742204905 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747097969 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747128963 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747184038 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747211933 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747234106 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747239113 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747250080 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747267008 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747293949 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747297049 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747308969 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747342110 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747355938 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747369051 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747395992 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747422934 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747425079 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747437000 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747462988 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747474909 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747477055 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747502089 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.747534990 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.747556925 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.752512932 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.752567053 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.752604008 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.752635956 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.752727985 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.752757072 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.752813101 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.752923965 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.752952099 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.752991915 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.752996922 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753024101 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753051043 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753058910 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753086090 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753096104 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753099918 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753128052 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753150940 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753156900 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753227949 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753254890 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753281116 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753282070 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753309011 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753309965 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753328085 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753338099 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753365040 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753367901 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753387928 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753391981 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753415108 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753418922 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753442049 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753447056 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753463984 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753473043 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753489971 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753499985 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753513098 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753526926 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753550053 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753554106 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753582001 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753599882 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.753601074 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.753704071 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757558107 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757623911 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757633924 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757673979 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757673979 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757702112 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757733107 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757741928 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757766962 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757793903 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757847071 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757870913 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757899046 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757946014 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.757955074 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.757992029 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.758399963 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758464098 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758490086 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758522987 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.758606911 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758660078 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758687973 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758713961 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758761883 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758790016 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758816957 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758842945 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758869886 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758894920 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758943081 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758970022 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.758996010 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759023905 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759048939 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759076118 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759102106 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759128094 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759155989 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759182930 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759208918 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759234905 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759284973 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759311914 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759339094 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759365082 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759392023 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759418011 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759444952 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759469986 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759495974 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759522915 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759548903 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759553909 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.759576082 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759603024 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759610891 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.759629965 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759656906 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759684086 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759710073 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759759903 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759788036 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759814024 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759840965 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759867907 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759893894 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759921074 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759947062 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759973049 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.759999037 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760025978 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760051966 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760078907 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760104895 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760132074 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760158062 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760184050 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.760210037 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762597084 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762624979 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762650967 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762717962 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762811899 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762840033 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762890100 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762917042 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762964964 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.762990952 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763017893 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763045073 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763094902 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763122082 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763149023 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763175964 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763202906 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763233900 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.763398886 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765125036 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765156031 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765211105 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765238047 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765265942 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765292883 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765361071 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765388012 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765422106 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765449047 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765454054 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.765475035 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765502930 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.765522957 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765549898 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765861988 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.765889883 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766204119 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766375065 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766473055 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766590118 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766618013 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766645908 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766673088 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766700029 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766726971 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766752958 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766779900 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766805887 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766832113 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766858101 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766885042 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766911983 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766937971 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766964912 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.766992092 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767018080 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767044067 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767071009 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767097950 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767123938 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767152071 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767178059 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767205000 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767236948 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767271996 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767298937 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767324924 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767350912 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767363071 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767374039 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767385006 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767410994 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767437935 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767465115 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767493010 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.767518997 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770390987 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770422935 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770450115 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770499945 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770526886 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770576000 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770601988 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770629883 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770637989 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.770683050 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770685911 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.770709991 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770737886 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770764112 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770793915 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770843029 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770869970 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770895958 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770921946 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770971060 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.770998001 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771024942 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771051884 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771078110 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771104097 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771131039 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771157980 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771209955 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771236897 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771264076 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771290064 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771317005 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771343946 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771370888 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771397114 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771424055 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771471024 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771497965 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771523952 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771549940 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771576881 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771603107 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771629095 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771655083 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771681070 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771707058 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771733999 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771780968 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771807909 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771833897 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771861076 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771887064 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.771914005 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.772289991 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.772324085 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.776732922 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.776761055 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.776787996 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.776837111 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.776864052 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777004004 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777111053 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.777118921 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777147055 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777168989 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.777175903 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777204037 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777230978 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777281046 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777307987 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777333021 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777383089 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777410030 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777436018 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777462959 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777513027 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777539968 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777565956 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777616024 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777642965 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777668953 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777718067 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777745008 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777770996 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777797937 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777823925 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777851105 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777877092 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777904034 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777930021 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.777977943 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778004885 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778032064 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778058052 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778084993 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778110981 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778137922 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778165102 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778192043 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778218031 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778244019 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778296947 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778323889 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778350115 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778376102 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778403044 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778429985 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778455973 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778486967 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.778513908 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783370018 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783397913 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783425093 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783451080 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783504963 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783533096 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783559084 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783585072 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783596992 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783621073 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.783632994 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783659935 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783670902 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.783687115 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783714056 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783740044 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783766985 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783814907 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783842087 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783868074 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783895016 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783921957 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783947945 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.783974886 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784001112 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784027100 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784054041 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784080029 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784131050 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784159899 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784187078 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784214020 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784240961 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784267902 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784293890 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784321070 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784347057 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784373999 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784399986 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784426928 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784452915 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784480095 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784523010 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784549952 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784575939 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784625053 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784651041 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784677982 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784703970 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784730911 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784756899 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784782887 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784807920 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784833908 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.784861088 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.789932013 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.789959908 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.789985895 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790013075 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790039062 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790066004 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790091991 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790118933 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790146112 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790174007 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790191889 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.790199995 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790249109 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790265083 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.790277958 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790303946 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790329933 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790355921 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790383101 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790410042 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790458918 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790486097 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790513992 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790539980 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790565014 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790591955 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790618896 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790643930 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790669918 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790695906 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790743113 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790769100 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790796041 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790822029 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790848970 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790874958 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790901899 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790927887 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.790954113 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.807559013 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.815957069 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.816210032 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.816282034 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.816282034 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.816337109 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.821326017 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821341991 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821424961 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821433067 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821439981 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821446896 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821460962 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821468115 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821474075 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821517944 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821526051 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821527958 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821531057 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821711063 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.821718931 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.845123053 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.845247984 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.850071907 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:39.878045082 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:39.883281946 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:42.877063990 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:42.877892017 CEST497381912192.168.2.479.110.62.113
                            Jul 1, 2024 04:17:42.882829905 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:43.072278023 CEST19124973879.110.62.113192.168.2.4
                            Jul 1, 2024 04:17:43.120683908 CEST497381912192.168.2.479.110.62.113

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jul 1, 2024 04:16:56.714696884 CEST5621753192.168.2.41.1.1.1
                            Jul 1, 2024 04:16:57.064032078 CEST53562171.1.1.1192.168.2.4

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Jul 1, 2024 04:16:56.714696884 CEST192.168.2.41.1.1.10xbf0eStandard query (0)fff.new-vlog.topA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Jul 1, 2024 04:16:57.064032078 CEST1.1.1.1192.168.2.40xbf0eNo error (0)fff.new-vlog.top104.21.96.103A (IP address)IN (0x0001)false
                            Jul 1, 2024 04:16:57.064032078 CEST1.1.1.1192.168.2.40xbf0eNo error (0)fff.new-vlog.top172.67.176.150A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • fff.new-vlog.top

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.449731104.21.96.1034437308C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe
                            TimestampBytes transferredDirectionData
                            2024-07-01 02:16:57 UTC112OUTGET /wp-includes/css/dist/preferences/Megugedjf.mp4 HTTP/1.1
                            Host: fff.new-vlog.top
                            Connection: Keep-Alive
                            2024-07-01 02:16:57 UTC729INHTTP/1.1 200 OK
                            Date: Mon, 01 Jul 2024 02:16:57 GMT
                            Content-Type: video/mp4
                            Content-Length: 2295816
                            Connection: close
                            last-modified: Mon, 01 Jul 2024 00:12:42 GMT
                            etag: "6681f47a-230808"
                            strict-transport-security: max-age=31536000
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 1819
                            Accept-Ranges: bytes
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwPIZlnCwz5pMxpH6ugz%2FH6iwDxzE8d8kNaA%2Fn7ea%2B9kkYr9MouUkNnUAcDclkeLHVQRNZY44HgZPbM2PnRhNJdC0svrvw7yYbW8Aaty6vcZCQPthdKJ3xA5MJ3TW6HXtIhD"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89c2e5a0d8a40cd5-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-01 02:16:57 UTC640INData Raw: 14 61 44 66 d8 7d e9 25 2b 77 da b2 a5 a1 0b cf bf 24 f9 b6 64 55 d7 84 9f 6d 9f a9 4a 0f f7 6f 40 ce 01 75 97 ec ea 0f 85 b1 f6 20 a1 59 69 69 32 75 18 f2 68 e6 84 21 96 de 63 e7 20 0b eb 3d 89 0b b0 3c 29 19 b8 7b b7 e7 37 fa 29 30 4d a5 1f b4 2f 25 73 65 c1 6c f7 94 8b d9 58 e3 e2 a3 31 13 53 fd a8 35 b7 28 34 14 30 69 cf 13 f1 5e fb e2 58 ec f4 05 75 9c 71 08 d7 5e d0 3b 15 23 e5 a2 11 e1 74 1f f2 eb 0b 28 26 ef b2 a9 b0 09 40 43 49 ef ce ad 56 70 60 e9 60 91 e7 e0 da 64 48 63 aa 86 04 d1 1a cf 8e 09 70 8c 1d f4 6a fc 62 8a 23 de 8d d4 1d 5a b2 c2 44 4f a3 79 00 26 b2 3d a4 d9 c1 04 b7 4b 7f 7f 91 70 f0 f3 87 1b a7 de fb d1 d5 76 11 38 38 76 1a 00 49 1a bd 55 0e e1 bd d7 65 76 75 0a 57 6f 14 26 67 23 9d 54 3c 6f 11 26 fa d9 97 11 b1 44 ba 6e 1e db b3
                            Data Ascii: aDf}%+w$dUmJo@u Yii2uh!c =<){7)0M/%selX1S5(40i^Xuq^;#t(&@CIVp``dHcpjb#ZDOy&=Kpv88vIUevuWo&g#T<o&Dn
                            2024-07-01 02:16:57 UTC1369INData Raw: 76 c0 7b d6 dd f2 1c cb 0c 76 03 24 d4 3b d2 42 de 7d b6 73 e3 db 15 74 22 77 3b 4f cf 93 81 28 4b ef 31 bf c7 31 b7 b1 65 6a 3a 6c d9 0f 8e cb fc d5 b9 df 3e da 0a 62 04 63 a5 6c a8 b6 94 f6 54 6f 61 68 62 3a c6 07 b6 2a 27 39 2f 3e 29 9f b2 93 ff 4a 55 ec ae 46 1a 50 c9 70 9f ae ad 49 0b c8 9f 7b 5b 2e bc 4a bb 09 2f 12 10 ea c5 e2 1f 24 c1 69 e7 fa c8 57 52 56 73 cc cf 4b 44 e3 2f bd cf 4a 29 77 6f 99 e4 7a f1 bd 8e da 79 c9 a0 ab 34 3a 33 c5 e3 bb 30 52 3e bc 34 37 65 c7 eb c1 01 a8 43 da 13 ba 2b b0 ca ab ee 36 e4 14 29 46 41 16 59 b4 70 f4 f2 b0 26 d2 62 55 a0 fc cc 49 8a cc 4c 3c f5 c2 e6 42 21 75 a5 34 ee 31 ea cb 0e 44 8f e6 e6 f8 b3 93 3e e4 01 83 dc 5e 2d 85 14 5f cb 22 9f 58 1b fe a3 42 41 6d a8 20 be 3a 60 f7 a9 1b dc 32 71 0e 29 88 c8 8b bf
                            Data Ascii: v{v$;B}st"w;O(K11ej:l>bclToahb:*'9/>)JUFPpI{[.J/$iWRVsKD/J)wozy4:30R>47eC+6)FAYp&bUIL<B!u41D>^-_"XBAm :`2q)
                            2024-07-01 02:16:57 UTC1369INData Raw: 86 57 66 8c f5 b7 ac 7a af c8 0c 67 f1 b6 c5 6b 06 69 ed b0 c1 44 53 1e ac 28 6c c7 27 08 15 3c 9c d3 d6 e0 18 7b 60 9c 2a 7e ae c1 54 fc 8e 90 a6 52 13 55 d6 78 5f 5a 98 20 65 13 8c 44 e7 4a a6 43 34 94 33 0e 44 db 81 e8 f5 bc 31 2c 77 e6 29 f5 34 96 62 9b 7a 80 10 de 2c 50 8a 70 32 8f 55 f3 b7 4d 5e 93 0c 32 29 4d 5a 1e 21 82 4d 82 49 63 9e a7 da 67 e0 f6 5d b2 ca d3 40 61 25 a1 4c 57 7e 07 63 73 2a 26 bf e4 a3 7d 73 90 77 d2 04 26 ab 9c 0f 98 a1 ba 07 34 ff ba 9c df 9f 4e bc 3d 15 50 96 ea 56 5f bf ab 54 e0 6c 58 e2 f0 26 82 14 0f c0 4f f2 14 8f 76 d5 91 ca 55 7d 11 43 ad 20 ae 05 37 8d 10 11 d3 e5 57 27 7d a5 50 b6 22 79 68 2b ba 7f 64 4a 4b 8d 73 37 f5 c4 22 f8 fe 2b 54 39 dc 6b ac f5 4a ff e4 fe ff bb c7 56 81 b8 cd b9 fa 32 1e 58 7e cf a4 c3 6b 96
                            Data Ascii: WfzgkiDS(l'<{`*~TRUx_Z eDJC43D1,w)4bz,Pp2UM^2)MZ!MIcg]@a%LW~cs*&}sw&4N=PV_TlX&OvU}C 7W'}P"yh+dJKs7"+T9kJV2X~k
                            2024-07-01 02:16:57 UTC1369INData Raw: b0 db 7e 7d f3 61 6d bc be 29 50 08 a9 30 9e bd 66 6b 3e b5 a3 9b 70 2e fd 82 95 5d 62 27 5a 00 1a d2 41 b3 d8 8b 3d fc 02 d9 27 26 47 d8 7c 6d 55 cd 81 70 db 3d bc f3 7c 3e e1 22 cd 5e ab 93 12 84 55 76 cf a9 4b be 1a 3b db 2f 8d 8c 1c 4d 9f cc 87 31 7f 1d ec d9 3e 63 32 c0 bf 4a ac 94 cd 74 05 52 73 36 33 ef fe 1b c7 c4 82 41 74 b2 e3 a0 d0 4b 49 07 f4 63 40 de 9b 4a 08 dd de 63 40 d4 45 52 eb bb a8 84 be 4e 89 3d d6 c8 67 df ae ad 76 fe 53 0a d9 df 40 2b 22 bd c6 fd b9 cd 18 6a a5 5b ed 78 eb f1 50 04 e4 9a 89 49 85 a2 24 1f 29 70 ca ed ff 43 84 40 52 b4 f8 d1 1d 9b 8c 33 d5 a0 27 b2 9e e1 49 38 d6 13 e1 65 33 f2 37 2f 34 b3 77 90 52 7b a1 a1 e0 22 04 ef 1f 3e b9 d4 a5 00 0e 66 1f c1 de 85 cd be a0 3b dd ce e0 6d 08 ff f7 59 ed d5 29 0c da 60 98 27 9f
                            Data Ascii: ~}am)P0fk>p.]b'ZA='&G|mUp=|>"^UvK;/M1>c2JtRs63AtKIc@Jc@ERN=gvS@+"j[xPI$)pC@R3'I8e37/4wR{">f;mY)`'
                            2024-07-01 02:16:57 UTC1369INData Raw: 1f a7 c2 cd 8c 6b e8 39 01 19 54 c2 ea 27 e7 aa b1 3e d9 6b e9 75 9a 00 2f bf ef d5 f9 7c 95 9e 60 fa f9 3c 48 4d 54 32 5a ba 7c ae 2a a1 11 11 9f 68 45 ce 16 4c 78 41 68 84 6c d8 c1 86 a9 61 e3 6d 5a b4 d3 ad cb 78 f8 26 35 f2 2c 60 80 14 44 b1 93 bb 40 bb 9b 90 df fe 9f 1f b1 b5 df d3 b2 a1 b8 36 bb 66 cb 7e 17 be 5e 73 74 84 71 01 20 88 93 a1 f7 1e b8 6f 03 f1 a8 a0 44 c9 12 32 70 f6 b0 f4 47 69 35 2b 5b d3 0b fd 27 d4 12 76 e0 8c ce 68 d7 aa ca be e8 53 25 94 97 6e 70 61 8c 8a d1 c8 3f ee 65 e6 15 cd d7 fb 49 b2 6d 6f a7 c0 03 5b 34 4e 2a 18 31 46 1f 18 78 40 b6 e5 9b 4f 03 24 2a 11 5a 11 7d 42 3b 0b 86 4d ad 15 46 48 2e ba 65 21 b5 75 d1 aa 55 63 5a 95 53 85 5b 53 46 a7 fa 46 e7 89 26 8a b1 93 3b e9 3a c9 15 4c 51 b6 0d 0e e9 37 e2 30 d3 88 ea a5 7f
                            Data Ascii: k9T'>ku/|`<HMT2Z|*hELxAhlamZx&5,`D@6f~^stq oD2pGi5+['vhS%npa?eImo[4N*1Fx@O$*Z}B;MFH.e!uUcZS[SFF&;:LQ70
                            2024-07-01 02:16:57 UTC1369INData Raw: 7f db 8a cd 45 d5 05 35 23 d2 c0 78 db db ff 54 db 52 17 81 ae 2c 9e ae 61 65 db 41 0d 87 5c 50 ae 58 4b 07 c6 8c 6b 9c 78 b8 15 e0 ff 1f 62 3f 8d a9 94 3b d6 21 b8 ed c6 4f 3b 8f 55 b1 47 9e 70 76 d3 69 8a e7 f0 2f e1 6f 80 bf e6 f4 3b 2c e2 d9 2b 69 b6 5f 7c 0f 2d 2f 2c 69 d1 83 8e 93 0d b9 b2 45 73 b3 b9 0d 6f 0a 82 84 fb 59 7c c9 10 44 31 fe 13 84 88 fa 00 ff 34 e0 e7 8c 5a f6 c3 49 b8 85 01 54 af 58 5e e3 51 7f a0 49 d8 db 6a 43 0f 90 40 09 75 a4 cb c8 f1 28 ef 15 4e 81 64 bc ea 1c c2 3a 4a 2b bd 2e f9 4a 8a ba d0 90 8b db 19 a2 07 ce 13 7c 8d dd 77 69 4d d2 c9 fd 95 0e 8b ba 97 2e 07 b9 a2 ef bc 76 06 ef b0 77 4c f3 91 40 4a 76 6d 32 1f ab d2 3a 2b b7 11 7e 64 c4 bc b5 af ec 1f db 4f 9f 5a d1 07 a6 f2 5c 28 63 68 e0 aa 05 af eb 4b d5 30 f3 66 6f 7b
                            Data Ascii: E5#xTR,aeA\PXKkxb?;!O;UGpvi/o;,+i_|-/,iEsoY|D14ZITX^QIjC@u(Nd:J+.J|wiM.vwL@Jvm2:+~dOZ\(chK0fo{
                            2024-07-01 02:16:57 UTC1369INData Raw: 74 33 12 d3 1b e1 0e 94 13 67 19 53 b2 3d c5 13 b3 13 38 22 04 46 c4 5e 68 39 53 2d 6b fd 05 1d af ed 98 16 b4 6f d1 b6 21 a9 56 34 ed 16 06 b3 fc c9 3b ce 3c 14 f2 c4 41 74 06 6d 87 2c 15 ae e8 16 c6 8d 78 de 9e a6 d8 f4 f3 20 1d 9f f9 3d 42 2b a7 4f 11 95 52 fc 47 39 ed 73 fe c4 01 40 7e 52 45 89 be 67 dc 07 43 98 e3 26 14 1e 35 2f b3 40 ac 69 25 36 24 c2 11 19 7b 60 ff 59 f6 c8 14 a1 dc 2e 58 a7 1e 9b 47 ae 99 86 b8 09 d3 07 c4 22 0b 3d c6 c8 49 7d 8d 83 a2 50 86 d2 3e f5 98 46 00 74 95 0a 1a 25 a7 c1 36 13 94 39 02 bb 71 74 0d c4 96 45 ff f0 9e 1a b4 af c9 0b c0 5c b7 6f 0d 87 6a d2 69 e3 69 24 e6 68 7a f1 6d 92 52 19 7f a6 cd eb 11 de fe d3 47 c0 e8 5d 6f 0e e5 89 bc 4c b5 72 1d 83 ce 19 18 00 3a a3 e5 54 5b bc ef c7 82 f7 27 67 77 60 81 1a 7f 7c 74
                            Data Ascii: t3gS=8"F^h9S-ko!V4;<Atm,x =B+ORG9s@~REgC&5/@i%6${`Y.XG"=I}P>Ft%69qtE\ojii$hzmRG]oLr:T['gw`|t
                            2024-07-01 02:16:57 UTC1369INData Raw: 9c e6 f3 2d cc 83 8b 5d b4 a4 4e 55 d5 e7 42 fd 89 86 25 c8 66 3a 1b 03 12 67 fc 6f b4 61 89 c5 19 87 7a eb e6 65 dc 3b c7 a2 4d 67 dc 09 4e 78 f5 d5 50 52 8f a6 39 ea c9 b8 a7 85 58 4a b2 79 71 83 ca f7 56 53 ac 3c f7 4e 92 8f a3 ae 6d 47 d7 6c 53 7a 1f a6 48 9a ec 29 0e c4 92 da 41 00 fb 63 55 c4 74 37 a1 fa d1 e7 d6 91 87 f7 2f 72 36 1b 4c 12 d5 a8 04 be bb fd a1 53 51 6f 8d 75 3b 32 d8 17 e6 f2 8d cc fe b9 70 08 7c b2 d4 96 6c c3 a9 6c 6b d2 af 11 ba 8c 52 22 cf 45 23 6c 22 54 c8 53 df 17 b0 49 ce 9e f0 21 7c 9d 61 49 35 93 53 c4 b1 b6 80 ff 75 ea 0f cb 60 24 6f c7 d2 0e db 47 82 29 fb 7a fd 1c 6a 27 c3 4a cb 98 33 fe 58 64 a3 24 01 e5 19 0e b9 5e f9 60 cc 59 a7 cf aa 49 31 b1 7b 8d db ca 46 83 02 e3 d5 ee 88 3b 5e 59 f6 04 9f 90 3b bc bb 2c f5 cd ee
                            Data Ascii: -]NUB%f:goaze;MgNxPR9XJyqVS<NmGlSzH)AcUt7/r6LSQou;2p|llkR"E#l"TSI!|aI5Su`$oG)zj'J3Xd$^`YI1{F;^Y;,
                            2024-07-01 02:16:57 UTC1369INData Raw: 9e 1f 96 4b ae 1c 4e f0 61 90 e7 c3 cc 50 30 2c 67 2a ce fd 7a 9a 2b d5 57 4b 28 21 b4 27 af 28 89 f6 ae b1 14 9f 2f 7a ef 1f 5e 04 39 2a ec b6 67 f5 01 5d df 8a 0a 45 0f 5a ed 1d 00 ab 3e 3a c0 54 a7 4a 9b b7 d5 b0 39 d4 8e 0e a2 56 45 37 14 77 d5 01 85 73 ee 8c b5 2f 07 6b 2d b3 c6 d1 28 23 d1 6a 30 46 2b 65 61 14 6a ad 01 56 45 f5 b6 d3 67 0c da 88 4b 0a f7 52 10 55 40 c5 a8 ec e9 56 ab a9 fd 3b c9 2d a3 07 06 6a f3 1d f8 db 11 3a fb 01 52 17 35 e8 05 7c 6f 48 bb 47 d7 bd 59 c5 78 a3 28 8a ae 87 57 b0 50 77 a7 23 2a d3 da cd e8 44 80 e3 88 d8 e7 4c 7f 52 45 58 3d 60 35 44 68 45 0b 94 3c af 81 7c 25 0b 5e 49 61 c7 2d 35 f6 6c 59 09 03 c1 87 4e 0c 35 6e 76 d9 65 b7 2e f4 82 e8 4b fe b5 a0 2f e5 ca 25 bd b3 d9 67 22 00 e1 58 9f 00 0e 72 fa 64 39 f1 58 e5
                            Data Ascii: KNaP0,g*z+WK(!'(/z^9*g]EZ>:TJ9VE7ws/k-(#j0F+eajVEgKRU@V;-j:R5|oHGYx(WPw#*DLREX=`5DhE<|%^Ia-5lYN5nve.K/%g"Xrd9X
                            2024-07-01 02:16:57 UTC1369INData Raw: 18 6c 30 c4 cc 47 d3 19 61 19 7d 12 8c 85 95 47 61 ad e8 8d 5e ca a1 71 91 1b 8c 78 50 77 8c 75 06 6c 3c 0a 67 f4 e6 1d 43 9b df 5b c3 38 83 54 76 8d f5 da ed e6 2b c3 2f e7 33 31 f3 f1 c3 1d fe 30 32 da 3b 19 12 ba c0 2c 5f f9 a3 4b bc 92 52 2f 73 c7 88 b6 4f b8 26 5a f1 1a 88 a4 a3 d3 ca 03 03 08 fe 0f de 96 b7 17 ac 32 8e 0e 16 2a 28 d3 d4 30 4d b2 de 77 31 53 ff 9a 66 b9 31 ef 70 94 41 e8 cb 9a 49 15 bc cf ea c7 de 1b 3f 72 bf 00 f8 ef cc 92 b9 aa 7e ba 57 86 db a2 47 23 55 f6 30 0c 0e 37 af 89 30 2c 37 0e 83 3f 7a e3 7c 66 c6 71 0e 5b d8 c5 c2 17 fb 93 c3 bd 19 ec 4f 73 0f 04 7f 43 c2 b5 12 c6 26 83 32 d1 1c 11 2c 3f 47 74 4f 01 6f f2 d6 ff f7 61 59 c1 f7 33 87 e7 ca f2 a3 01 d7 8d 47 00 a0 bc 7a aa b7 2a c2 56 6c 3f 14 27 7a 5c c2 4f fc d2 eb 61 02
                            Data Ascii: l0Ga}Ga^qxPwul<gC[8Tv+/3102;,_KR/sO&Z2*(0Mw1Sf1pAI?r~WG#U070,7?z|fq[OsC&2,?GtOoaY3Gz*Vl?'z\Oa


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:22:16:55
                            Start date:30/06/2024
                            Path:C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\Nichiden Viet Nam - RFQ List & Specification..exe"
                            Imagebase:0x720000
                            File size:188'416 bytes
                            MD5 hash:5A5469FF7562AA34384F44EEE04643E1
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1996207930.0000000002F44000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1996207930.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1996026931.0000000002A40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2007432511.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1996207930.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1997975874.0000000003DF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1997975874.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2011758594.0000000007730000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1997975874.00000000048A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2007432511.00000000065E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1997975874.0000000003EA4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:4
                            Start time:22:17:29
                            Start date:30/06/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                            Imagebase:0xcf0000
                            File size:56'368 bytes
                            MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.2124030674.0000000003106000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.2120295587.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2124030674.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:moderate
                            Has exited:true

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:6.5%
                              Dynamic/Decrypted Code Coverage:70%
                              Signature Coverage:30%
                              Total number of Nodes:10
                              Total number of Limit Nodes:0
                              execution_graph 24027 2ac0cf0 24028 2ac0d30 CheckRemoteDebuggerPresent 24027->24028 24030 2ac0d76 24028->24030 24031 2ac46d0 24032 2ac46e4 24031->24032 24036 2ac4720 KiUserCallbackDispatcher 24032->24036 24038 2ac4710 KiUserCallbackDispatcher 24032->24038 24033 2ac46f6 24037 2ac4781 24036->24037 24037->24033 24039 2ac4781 24038->24039 24039->24033

                              Executed Functions

                              Function 02AC0CF0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 110 2ac0cf0-2ac0d74 CheckRemoteDebuggerPresent 113 2ac0d7d-2ac0dc0 110->113 114 2ac0d76-2ac0d7c 110->114 114->113
                              APIs
                              • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 02AC0D67
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID: CheckDebuggerPresentRemote
                              • String ID:
                              • API String ID: 3662101638-0
                              • Opcode ID: e60cd48dad042dba55cb3a2dc40f992cc55f2a05448e79e564997c03ef4a6eb9
                              • Instruction ID: 97784e0af9e65313bd7d3e423bbb2ed4f9f8bacf142c8bd765356dace6af748b
                              • Opcode Fuzzy Hash: e60cd48dad042dba55cb3a2dc40f992cc55f2a05448e79e564997c03ef4a6eb9
                              • Instruction Fuzzy Hash: 02213C72900259CFDB14DFAAC4447EEBBF5AF58320F14842ED455A7240CB38A944CFA5
                              Function 0866D9E0 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 215 866d9e0-866da08 216 866da0f-866da51 215->216 217 866da0a 215->217 218 866da57-866dad2 call 866de68 216->218 219 866dad8-866dadf 216->219 217->216 218->219 220 866dae5-866db6a 219->220 221 866dc88-866dcd3 219->221 247 866dc82 220->247 248 866db70-866dbec 220->248 231 866dcd5-866dcee 221->231 232 866dd28-866ddef 221->232 231->232 238 866dcf0-866dd23 231->238 245 866de0e-866de14 232->245 238->245 249 866de16 245->249 250 866de1e 245->250 247->221 261 866dc4b-866dc54 248->261 249->250 262 866dc56-866dc5a 261->262 263 866dbee-866dbf7 261->263 262->247 265 866dc5c-866dc77 262->265 266 866dbfe-866dc36 263->266 267 866dbf9 263->267 265->247 273 866dc48 266->273 274 866dc38-866dc46 266->274 267->266 273->261 274->262
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: Deq
                              • API String ID: 0-948982800
                              • Opcode ID: d6fd1a4eecec3c0a1849df876d9e032b6e47b2be3e173bb29705d37985067ec4
                              • Instruction ID: fe475c45dd0c415f3a52b9b4fb56f73823d83c7b48dedbbb65e431469b9cef20
                              • Opcode Fuzzy Hash: d6fd1a4eecec3c0a1849df876d9e032b6e47b2be3e173bb29705d37985067ec4
                              • Instruction Fuzzy Hash: 94D1CD74E01218CFDB14DFA9D994B9DBBB2FF88314F1080A9D409AB365DB31A982CF51
                              Function 02AC3368 Relevance: .3, Instructions: 281COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5ab8b70b4a6c5371b1ffb604cef3ecfb5933ec9747131cff6bdc704a9012b000
                              • Instruction ID: 7aa0df57909eb95c86a0352e8493d14a2282f887a3aeee9a75581dd5f6a4610a
                              • Opcode Fuzzy Hash: 5ab8b70b4a6c5371b1ffb604cef3ecfb5933ec9747131cff6bdc704a9012b000
                              • Instruction Fuzzy Hash: 08B12B70E002099FDF14DFA9C98579EBBF2AF88318F24C16DD815AB294EB749845CF91
                              Function 02AC4040 Relevance: .3, Instructions: 266COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8f1a74edee6dacbfdae3ed02a8d754a89b1fea13e3f886f277fbcd2a7df1789e
                              • Instruction ID: 6cef9c4de8057280c8f56abffa6cdb69c5805728589a4fc9154f9406bf7767f1
                              • Opcode Fuzzy Hash: 8f1a74edee6dacbfdae3ed02a8d754a89b1fea13e3f886f277fbcd2a7df1789e
                              • Instruction Fuzzy Hash: 7AB14A70E00209CFDB10CFA9D99579DBBF2AF88314F24812DD859A7394EB749885CB85
                              Function 00E0FE60 Relevance: 3.9, Strings: 3, Instructions: 103COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 0 e0fe60-e0fe85 1 e0fe87 0->1 2 e0fe8c-e0ff82 0->2 1->2 17 e0ff89-e0ff90 2->17 18 e0ffb1 17->18 19 e0ff92-e0ff9b 17->19 20 e0ffb4-e0ffba 18->20 21 e0ffa2-e0ffa5 19->21 22 e0ff9d-e0ffa0 19->22 23 e0ffaf 21->23 22->23 23->20
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: Pq^q$p<^q$p<^q
                              • API String ID: 0-3722607973
                              • Opcode ID: 44f2c5533ee34e74dd950772342fb5907a1b5e82d5e54547674b049474fe5792
                              • Instruction ID: ed89e01f3e55876882283c64b8375938381fd4ed033b9579589eb4babfc65432
                              • Opcode Fuzzy Hash: 44f2c5533ee34e74dd950772342fb5907a1b5e82d5e54547674b049474fe5792
                              • Instruction Fuzzy Hash: 0A41B374E0021CDFCB18DFA9D544AEEBBB6FF88310F108469E405AB364DB319996CB91
                              Function 08654E10 Relevance: 2.5, Strings: 2, Instructions: 36COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 42 8654e10 43 8654e17-8654e21 42->43 44 8654e27-8654e28 43->44 45 865977f-8659786 43->45 44->45 46 865244d-8652461 45->46 47 865978c-865978d 45->47 48 865246b-865247d call 866c898 46->48 49 8652483-86524b1 48->49 49->42
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: "$P|
                              • API String ID: 0-884640479
                              • Opcode ID: 676e14cfc8e1d77c065936e2da2a6ad3d2f09619b0a89d1f87a298c1482ea97b
                              • Instruction ID: ec3874604ad04a3f62f1a1ec710bad0579a59ef657c92b3f2df326654b3672d7
                              • Opcode Fuzzy Hash: 676e14cfc8e1d77c065936e2da2a6ad3d2f09619b0a89d1f87a298c1482ea97b
                              • Instruction Fuzzy Hash: 37019A70A09219DFCB30DF64D99CBAAB3B0FB48305F1050DAD81AA3745CB349E868F11
                              Function 0865244D Relevance: 2.5, Strings: 2, Instructions: 23COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 85 865244d-8652461 86 865246b-865247d call 866c898 85->86 87 8652483-8654e21 86->87 92 8654e27-8654e28 87->92 93 865977f-8659786 87->93 92->93 93->85 94 865978c-865978d 93->94
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: "$P|
                              • API String ID: 0-884640479
                              • Opcode ID: b640ada0869fcadc5ef7891ed08359bc6517925e0ec9e2834c971a1d9528ed28
                              • Instruction ID: 56760a4f77cd608dc7bfd4c7739efac695964ab3d7f18addaecc7077f5e77d64
                              • Opcode Fuzzy Hash: b640ada0869fcadc5ef7891ed08359bc6517925e0ec9e2834c971a1d9528ed28
                              • Instruction Fuzzy Hash: BDF03A74A0421C9FD760DF68EA98A9A73B1FB89304F1084D5E419A3749CB349E818F60
                              Function 02AC0CE8 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 102 2ac0ce8-2ac0d74 CheckRemoteDebuggerPresent 105 2ac0d7d-2ac0dc0 102->105 106 2ac0d76-2ac0d7c 102->106 106->105
                              APIs
                              • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 02AC0D67
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID: CheckDebuggerPresentRemote
                              • String ID:
                              • API String ID: 3662101638-0
                              • Opcode ID: ec02c25887ee06597af0a84b72a6ebaeb9976840070eefd8aa5c19a12c55032c
                              • Instruction ID: 16aa89c0213f56e094d5e266faba7fb96ce02ebeb74b846252d5c20fec413c14
                              • Opcode Fuzzy Hash: ec02c25887ee06597af0a84b72a6ebaeb9976840070eefd8aa5c19a12c55032c
                              • Instruction Fuzzy Hash: 3D2169B2900249CFDB14DFAAC4457EEBBF4AF99320F14842AD495A7240CB389985CFA1
                              Function 02AC4710 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 118 2ac4710-2ac477f KiUserCallbackDispatcher 119 2ac4788-2ac47b9 118->119 120 2ac4781-2ac4787 118->120 123 2ac47bb-2ac47c1 119->123 124 2ac47c2-2ac47e2 119->124 120->119 123->124
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000000), ref: 02AC476E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 91915f2ab173649eb2a67ce5e010e29b804c25f032d7207f7896d15ed584f820
                              • Instruction ID: 2a5b37ff072416447b85d052fe70b5c155965414ca240ad0c058cfc2ac34beb2
                              • Opcode Fuzzy Hash: 91915f2ab173649eb2a67ce5e010e29b804c25f032d7207f7896d15ed584f820
                              • Instruction Fuzzy Hash: 682157B1904348CFDB20CFA9C4897DEBFF4EB0A318F248859D458AB651C778A585CFA5
                              Function 02AC4720 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 126 2ac4720-2ac477f KiUserCallbackDispatcher 127 2ac4788-2ac47b9 126->127 128 2ac4781-2ac4787 126->128 131 2ac47bb-2ac47c1 127->131 132 2ac47c2-2ac47e2 127->132 128->127 131->132
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000000), ref: 02AC476E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 7d57ab120193ae86718b084ee8caa8075e339ea30fbe269bfa03282d572c7a83
                              • Instruction ID: 22f86e00dfffe58eea5be64d1fb3159af9a39c9a0b59e1baeb6270e1ef56e247
                              • Opcode Fuzzy Hash: 7d57ab120193ae86718b084ee8caa8075e339ea30fbe269bfa03282d572c7a83
                              • Instruction Fuzzy Hash: EF2132B1900348CFDB10CF9AC08979EBFF4AB09318F208829D558A7250C778A584CFA5
                              Function 0866F3C0 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4'^q
                              • API String ID: 0-1614139903
                              • Opcode ID: 932f33d9f6e37dafa55a13c6c5f434326524ce6e6948ab69fdb19fd2511b1309
                              • Instruction ID: df05deb91dcc33f65cf4b2fe2f62e733fbf9ccf05309e053b4244c3aee0f1fd5
                              • Opcode Fuzzy Hash: 932f33d9f6e37dafa55a13c6c5f434326524ce6e6948ab69fdb19fd2511b1309
                              • Instruction Fuzzy Hash: F92191757002049FCB189FA5D958A5D7BB6FF8C320B0580A9E6069B375CE36DC56CBD0
                              Function 00E00A20 Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te^q
                              • API String ID: 0-671973202
                              • Opcode ID: 519aa68de8a2b4a12e303aa60af743cbd0245ecba9320bc6b5a04fcf5cffba29
                              • Instruction ID: 94624b958973d13451ec783dc1da84b17c3f9a878b6379fb8cccbc67c5da73fe
                              • Opcode Fuzzy Hash: 519aa68de8a2b4a12e303aa60af743cbd0245ecba9320bc6b5a04fcf5cffba29
                              • Instruction Fuzzy Hash: 2D21D430704200DFC705AB289414BFE77B6ABC5310F2555A9D00BEB6D1DE309D8697D2
                              Function 00E008E7 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te^q
                              • API String ID: 0-671973202
                              • Opcode ID: f2ac84892f85c661f9a7b2e6476c3bfeeadc26e7757b3f2aa6cdc4c6636b5826
                              • Instruction ID: 9ef5f2758f43bbd694c7a27c11a0d886dc4e0e7a2480586565d20e55dd2aa95b
                              • Opcode Fuzzy Hash: f2ac84892f85c661f9a7b2e6476c3bfeeadc26e7757b3f2aa6cdc4c6636b5826
                              • Instruction Fuzzy Hash: 44214A34700205CFD744DF29C598BA9BBE2BFC8720FA46469E406EB3B6CA709C81DB51
                              Function 00E00A30 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te^q
                              • API String ID: 0-671973202
                              • Opcode ID: c3695bc308826f61b5fed23e2132a802b2ccd086898098f5eb1526c41e78bb24
                              • Instruction ID: f9fd3d60f8c6bb23a513ec058a6ad4beff8711064f53a711ac56297908e30ecc
                              • Opcode Fuzzy Hash: c3695bc308826f61b5fed23e2132a802b2ccd086898098f5eb1526c41e78bb24
                              • Instruction Fuzzy Hash: 02118E30704201DFCA44AB689414BFE76F6AB89710F215469D01BFB3D5EE309E8297D2
                              Function 00E00AD5 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te^q
                              • API String ID: 0-671973202
                              • Opcode ID: 1d6c15448b9bec79d26b4688bcaced4673d698aa5a3496521d435c2a045040b4
                              • Instruction ID: bc7aeb351a52d07b36663cbce16e3649c193c0044122baaf6636cd3ffabfde9b
                              • Opcode Fuzzy Hash: 1d6c15448b9bec79d26b4688bcaced4673d698aa5a3496521d435c2a045040b4
                              • Instruction Fuzzy Hash: D4118231304200DBC608A72850147FE32B2ABC5711F3564A5D01BBB3D5DE309DC26392
                              Function 08653054 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: P|
                              • API String ID: 0-2884357417
                              • Opcode ID: c115306935e1cfc86436a2f86dc52fc04d160561c5ac5bcd24aaa751fbb61286
                              • Instruction ID: d64870300156bef2dfbe2ea8bd0468c50d74cf5320c89d43c2ae61ae9b561a55
                              • Opcode Fuzzy Hash: c115306935e1cfc86436a2f86dc52fc04d160561c5ac5bcd24aaa751fbb61286
                              • Instruction Fuzzy Hash: CA31A978A022299FCB64CF69D9889D9B7F1FB49304F0084D6E819A7B55DB34DE80CF51
                              Function 0866FB10 Relevance: .1, Instructions: 143COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d3d878a0086c86a324bf4ad15c1c0915f20c79f724fa2fb60525cd9533d6d758
                              • Instruction ID: 6a3c815ffc60c39a98c040bec68bf962544e315421361e4e2c07b13decfef896
                              • Opcode Fuzzy Hash: d3d878a0086c86a324bf4ad15c1c0915f20c79f724fa2fb60525cd9533d6d758
                              • Instruction Fuzzy Hash: F2514E34B006099FCB04EF64E458AAEBBB6FF88711F018119E90697364DF349946CBD1
                              Function 00E020A9 Relevance: .1, Instructions: 88COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f249f16d890419bd3c3a190543de4899624073fe2fb62feb9c01404321a19634
                              • Instruction ID: 3f0486a33bfee6c7956728be433f1946ceb8a643ff1229f8b3a8205dd187553b
                              • Opcode Fuzzy Hash: f249f16d890419bd3c3a190543de4899624073fe2fb62feb9c01404321a19634
                              • Instruction Fuzzy Hash: 2021683120B280DFC7028728984C5E1BFE4BB46350B24619FE746EB1E2D621D8C6E7A2
                              Function 00E012FC Relevance: .1, Instructions: 86COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8b25d5ba54bd2695cf320251df02838fccd006cbd04ab33315c29c6fa6ce955e
                              • Instruction ID: da3727cdcd97a11456af5c88c18a3a2489ec7de30a1e9ba176b84c35c1b36411
                              • Opcode Fuzzy Hash: 8b25d5ba54bd2695cf320251df02838fccd006cbd04ab33315c29c6fa6ce955e
                              • Instruction Fuzzy Hash: 76314A70D002489FCB14DFAAC580ADEBFF5AF48304F248469E849BB390DB349945CF91
                              Function 00E01308 Relevance: .1, Instructions: 83COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 048884febf021f621a5eea4aa2e1bd5c584982ecd8282ba5a9cfabc2d5e3e507
                              • Instruction ID: 405635263d8336b3ae207068a40080b872f095d110f1ef332a5b65df4c17040d
                              • Opcode Fuzzy Hash: 048884febf021f621a5eea4aa2e1bd5c584982ecd8282ba5a9cfabc2d5e3e507
                              • Instruction Fuzzy Hash: 89313970D002489FCB14DFAAC580ADEBFF5AF48304F248069E409BB250DB349985CF90
                              Function 00D2D005 Relevance: .1, Instructions: 80COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995452124.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_d2d000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 12d94c4399b97d3aebddee07aa5a5f224121fb39b6891ca5adfaff28ef8b161c
                              • Instruction ID: 26ca0f740dc572826ccd2ea2fce133ff6a7d170318c55a31c317095ee3ab93a2
                              • Opcode Fuzzy Hash: 12d94c4399b97d3aebddee07aa5a5f224121fb39b6891ca5adfaff28ef8b161c
                              • Instruction Fuzzy Hash: 13316F7150D3C48FCB138F24D990716BF72AB56214F2981DBD9858F1A7C23A981ACB72
                              Function 00D2D030 Relevance: .1, Instructions: 74COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995452124.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_d2d000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f2da2d302858a01589f21a727e5ab038042a264ce7a2be0d2da7fdc66abc3979
                              • Instruction ID: e33d12f4ce26e4bbcdfb5f2d3787babc488cd80067ddb2d10096a60992cbcb7f
                              • Opcode Fuzzy Hash: f2da2d302858a01589f21a727e5ab038042a264ce7a2be0d2da7fdc66abc3979
                              • Instruction Fuzzy Hash: A8213771504200DFCB11DF14EAC4B2BBF66FBA4318F24C169E8494B266C336D816CBB2
                              Function 0866FD88 Relevance: .1, Instructions: 71COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 33afc61d270c302e71f01e59c1d2e241c01ed2a3c047dc515d97e85e408b6668
                              • Instruction ID: f1af3c5bf4b9809d75469b37b508798be86784a40761ab62c4db9e78df8c23aa
                              • Opcode Fuzzy Hash: 33afc61d270c302e71f01e59c1d2e241c01ed2a3c047dc515d97e85e408b6668
                              • Instruction Fuzzy Hash: 36011B36A002199FCF05CF94D804CD9BB76FF88324B0684A5EA057F235D772E92ADB80
                              Function 0866DE68 Relevance: .0, Instructions: 46COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 431a4503168884b10a86bf766113f70176e402b1e9f89ef37216a6d0976f07f2
                              • Instruction ID: ba29b58567e377e655fd8ec5d6fa47835957ef80bc6ee33f7e681b3d9d95f2e9
                              • Opcode Fuzzy Hash: 431a4503168884b10a86bf766113f70176e402b1e9f89ef37216a6d0976f07f2
                              • Instruction Fuzzy Hash: 8C11B7B4E0020DDFDB44DFA9D9456AEBBF5FF88300F1084699418A7354DB319A418BA1
                              Function 00D1D76D Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995154940.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_d1d000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0f214ff59f552d405283c410f93203df2e0c22c63f6a0ff64ee37dc13fc192b5
                              • Instruction ID: e34fd8e85e1f07cb1b2d2b84ca88972f9aa6f1018034096a5d23e96ef6634420
                              • Opcode Fuzzy Hash: 0f214ff59f552d405283c410f93203df2e0c22c63f6a0ff64ee37dc13fc192b5
                              • Instruction Fuzzy Hash: E801A731109344AAE7108A19E9847A7BFD9EF51724F18C529ED4A4A1C6CB79DC84C671
                              Function 00D1D76C Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995154940.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_d1d000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 969473922f40a5210e8f7948e30e4ef11057ef3f583a828161b9b8d8f9903660
                              • Instruction ID: 598a2035fa487c76658c47f9d86604ec1292c22ba55f3ccafe21a0cf165bb278
                              • Opcode Fuzzy Hash: 969473922f40a5210e8f7948e30e4ef11057ef3f583a828161b9b8d8f9903660
                              • Instruction Fuzzy Hash: FBF06D71409344AEE7108A1AE8C4BA2FFA8EB51734F18C55AFD494E286C7799C84CAB1
                              Function 00E00871 Relevance: .0, Instructions: 29COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4fe9fe7fe17e3f0548357e0738efe8121a004da16e1f1ed11782a5d4f2eec627
                              • Instruction ID: 63b75af206cb167306a170fdfb7ac3ed0100b3fad89c327e0676b3ac052b4469
                              • Opcode Fuzzy Hash: 4fe9fe7fe17e3f0548357e0738efe8121a004da16e1f1ed11782a5d4f2eec627
                              • Instruction Fuzzy Hash: 87F03034249290DFD306EB6CD454CA43FE8BE47604B1640D2E045CBA73D660DC08CBA2
                              Function 0866E218 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6ae20fb430d6c3855b53c9aa7875c67da05496d96356c1209762515252c5ad28
                              • Instruction ID: 0298168e092fdb5b79b57add3af4ad0efded37467df1742f27f97cbb32cfe266
                              • Opcode Fuzzy Hash: 6ae20fb430d6c3855b53c9aa7875c67da05496d96356c1209762515252c5ad28
                              • Instruction Fuzzy Hash: 6AF01C74D08248EFCB90DFA9D841AADBFF9AB49321F14C0AAE858D3341D6359B12DF50
                              Function 00E008B9 Relevance: .0, Instructions: 26COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 11466417d73c65946ac0092fa1c064dcfe37f6dd35c6f5847e54cf3efdadb767
                              • Instruction ID: 98ead61c6c45f4026d8c5cb38c90acade14c4cff277162b4170c31ad6d3d92f8
                              • Opcode Fuzzy Hash: 11466417d73c65946ac0092fa1c064dcfe37f6dd35c6f5847e54cf3efdadb767
                              • Instruction Fuzzy Hash: E6E0922050E3C4DBD713523C4800AE67F649A87254F8509D6D990BB1E6C1501948C7B3
                              Function 0866F370 Relevance: .0, Instructions: 25COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b75c84f8eb1179d1630052099f848dc4eecb0a988fe3a1413def53010dc33132
                              • Instruction ID: 7677662080b6f2423d60729ed2925c2d732a4a0d7cf2b60ed09ec48bc522b108
                              • Opcode Fuzzy Hash: b75c84f8eb1179d1630052099f848dc4eecb0a988fe3a1413def53010dc33132
                              • Instruction Fuzzy Hash: BFE012312002055FCB109A1AE884D4BFB9ADEC0364710C539A11A87235DA74ED4986D0
                              Function 00E0205A Relevance: .0, Instructions: 25COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 01fcb4826e3c1fe823f52a08f6739c0420febc511121a2c62e9fe305ac9f34b1
                              • Instruction ID: bd6040cc6a77f67c41ccfffd650ad57bd68ac8e606c35725e3f3a4dc0dbec206
                              • Opcode Fuzzy Hash: 01fcb4826e3c1fe823f52a08f6739c0420febc511121a2c62e9fe305ac9f34b1
                              • Instruction Fuzzy Hash: 9EE0D875744201DFC301D738D05C9AA7BD29F8435473051ADE5479B7BDE6B48C81DB92
                              Function 08669490 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction ID: efc3a94922ca2a78a1057c87a5af5fb7a8b2e689579415e2dec2854c29a5d4b3
                              • Opcode Fuzzy Hash: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction Fuzzy Hash: B1E0C974E05208EFCB94DFA8D84169CBBF4EB48320F10C0A99C1893350D6359A52DF40
                              Function 0866C898 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction ID: 984eb7a77f3d79d5e6890d8cd89be31c442d8103b6bade6ecf2a40b5ff67d93f
                              • Opcode Fuzzy Hash: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction Fuzzy Hash: F9E0C974E05208EFCB54DFA8D84169DBBF5EB58311F10C0AAD84997350D6359A52DF50
                              Function 0866AEE8 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction ID: 75c41fa24845f37f929b97c7e28d4fc18dfd0456572649a409b045ed8a879374
                              • Opcode Fuzzy Hash: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction Fuzzy Hash: FCE0C974E09208EFCB54DFA8D84169CBBF4EB48311F10C0A99808A3350D6319A52DF81
                              Function 08665328 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction ID: fb7d49d60209cb900d39d8723017c0c9f994152b5876019bb020cc6c23486405
                              • Opcode Fuzzy Hash: ade23e33923e8c4e14fcf7e5fe4f6f4853f69baa2b1e6e5a673794969fafbe02
                              • Instruction Fuzzy Hash: 63E0ED74E05208EFCB54DFA8D84569CFBF5EB48311F10C0A9D809A3350D6729A52DF40
                              Function 058E0519 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2006616267.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_58e0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 78d185347ffc623e17c01afeab5d1ce86116b5f1ab4b39267e1cd79bca92e594
                              • Instruction ID: 3df0d3a425f4cae493f4a60b4c1ec78e28481b4a8afa333144e69941545d9732
                              • Opcode Fuzzy Hash: 78d185347ffc623e17c01afeab5d1ce86116b5f1ab4b39267e1cd79bca92e594
                              • Instruction Fuzzy Hash: 75E0923890D208EBC724DFA4E9469ECBF74BB42314F1484DDD80957742CA315E46CB52
                              Function 0866EE88 Relevance: .0, Instructions: 21COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a887a0c239059123092f30f2b54fdc3874c6ae6fa80186f46370c8449135dacd
                              • Instruction ID: 8d5e40e7c4cf723fea0e4d4e4004143e0d64a6c26320911523eb3e640f24d58c
                              • Opcode Fuzzy Hash: a887a0c239059123092f30f2b54fdc3874c6ae6fa80186f46370c8449135dacd
                              • Instruction Fuzzy Hash: 52E08074909108DBC714DF99E84156DBF789B55311F20C09DE84457341C6315B56DB60
                              Function 08667F08 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b7b9a5bd28ae77e03d71a74e7190a2c55d41ad12eb6936fd314844300ac117f6
                              • Instruction ID: c2379b85b3685c3c9324c2dde3556b409acb6fb286b1f7738d72b1e34b3a1ffa
                              • Opcode Fuzzy Hash: b7b9a5bd28ae77e03d71a74e7190a2c55d41ad12eb6936fd314844300ac117f6
                              • Instruction Fuzzy Hash: FDE01A34D09248EBC754DFE8D4415ACBBB4AB48315F10C1E9D81853341CA315A52DF40
                              Function 00E00839 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 33fe45902a683b4334cb6c4ed046e7e1ad1cc937c43a264cd384dd67d690eb61
                              • Instruction ID: 765061aa1c4e7c03f77a6beeefbb5e11c81207578a180c36500221ea25730af2
                              • Opcode Fuzzy Hash: 33fe45902a683b4334cb6c4ed046e7e1ad1cc937c43a264cd384dd67d690eb61
                              • Instruction Fuzzy Hash: 04E0E2240093C4DFD3122B28AC089B53F28A953611B0A56E2E84ACAAB3CA554C59CBB2
                              Function 0866CDE8 Relevance: .0, Instructions: 19COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2b25ef17e33249190dc016701d0eb7ec17c872d6a8f168b87a657a01566be660
                              • Instruction ID: fb1d4f9f0d7a5f2bf05ae1589cf9d994bec3814f92b4573a3530704ea3329bad
                              • Opcode Fuzzy Hash: 2b25ef17e33249190dc016701d0eb7ec17c872d6a8f168b87a657a01566be660
                              • Instruction Fuzzy Hash: EBE08C34A09208DBC714DFA4E8415ACBBB8AB45321F10809CD80813340CB315E22CBC0
                              Function 058E0528 Relevance: .0, Instructions: 19COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2006616267.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_58e0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e6ebc3cc11206e76fb595ecacd3be611f4ffb3e93e3cf3bd91adf4f0e9be31fa
                              • Instruction ID: d6402c4acb858aea34c5e6c3384c0e6e13da68d13f01b3cc807b34f7847df602
                              • Opcode Fuzzy Hash: e6ebc3cc11206e76fb595ecacd3be611f4ffb3e93e3cf3bd91adf4f0e9be31fa
                              • Instruction Fuzzy Hash: 87E08C34909208DBC704DFA4E8455ACBBB8BB46314F1084989C0A67341CA719E43CB80
                              Function 0865904B Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7e7fd3b3e09c0ba50a6b7b21da688606d955e8941d305e914ddd219634833179
                              • Instruction ID: b46ba031a746325bd95e627c4a5fbb8a2db750ed2b5e980156c360c97c546896
                              • Opcode Fuzzy Hash: 7e7fd3b3e09c0ba50a6b7b21da688606d955e8941d305e914ddd219634833179
                              • Instruction Fuzzy Hash: 86D02B305084048FD3109B90C51C75A3770FB44305F0044C9941957686C77507418F22
                              Function 0866D1E0 Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 056bf9a27a44317f3982c89e0276c70b6841fa641df918035ba72ad7cd053b7b
                              • Instruction ID: d6974911002978f3fd457a76026cdf2f8a3afe4a5872fbc490e0f094126ee55e
                              • Opcode Fuzzy Hash: 056bf9a27a44317f3982c89e0276c70b6841fa641df918035ba72ad7cd053b7b
                              • Instruction Fuzzy Hash: C2C08C2028F284C2C120229CB8093B8B6EC8746232F012400A00C001618AF101A1CAA1
                              Function 00E00848 Relevance: .0, Instructions: 10COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 541c28dc3db32bc40ab91762e2ddb41e0cabcfb5f8eee98118c0ca2678abcfb8
                              • Instruction ID: 4ea85b0f0a31944b29d457598bb9338f56c6e9a2d3342f22e60d4afba0585398
                              • Opcode Fuzzy Hash: 541c28dc3db32bc40ab91762e2ddb41e0cabcfb5f8eee98118c0ca2678abcfb8
                              • Instruction Fuzzy Hash: 50C04C31044304CFD2242B60FD0D2693B38FA60712B116471F91FD06B19B611CA29EF0
                              Function 00E009FC Relevance: .0, Instructions: 7COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1995645354.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_e00000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ada8c8302163893d2a9979effbace9e86f136d59b119fd818e5f5597b9a505ce
                              • Instruction ID: e1dc4b4e1a163bb870be673d474bf18b78f0e9e5f1b7a1eca5eb14c5f27fcbe3
                              • Opcode Fuzzy Hash: ada8c8302163893d2a9979effbace9e86f136d59b119fd818e5f5597b9a505ce
                              • Instruction Fuzzy Hash: 76B01220200510164148A57C20113AC48C169E82107A60258840AF32D5EF010F8592B6

                              Non-executed Functions

                              Function 058E0568 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2006616267.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_58e0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: P|
                              • API String ID: 0-2884357417
                              • Opcode ID: f0ea1d8634f69c9feb661dbc49f97977c0198c7db15dabfbb26a9c81c87fc3f6
                              • Instruction ID: c65624c8210de30c55b48157a4639fdfd9b5026b57f97ddcf1aa94ee1f942efa
                              • Opcode Fuzzy Hash: f0ea1d8634f69c9feb661dbc49f97977c0198c7db15dabfbb26a9c81c87fc3f6
                              • Instruction Fuzzy Hash: 4BB16970E06218CFDB14DFA4E599BADBBB2FB4A308F509429D80AA7394DBB45D41CF50
                              Function 058E0558 Relevance: 1.5, Strings: 1, Instructions: 253COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2006616267.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_58e0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: P|
                              • API String ID: 0-2884357417
                              • Opcode ID: 0679ddab9bc1135bb0caf832769cb28e354403255604ace6648c0420dd15cf08
                              • Instruction ID: cb6706a07c41f4287879c28f1d6988664b0b7066c88b522e208b25227368c67c
                              • Opcode Fuzzy Hash: 0679ddab9bc1135bb0caf832769cb28e354403255604ace6648c0420dd15cf08
                              • Instruction Fuzzy Hash: FBB15870E05208CFDB14DFA4E598BADBBB2FB4A304F509429D84AA7394DBB45D41CF50
                              Function 02AC3020 Relevance: .2, Instructions: 238COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1996098145.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_2ac0000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9a651d281929687c507118de44db0ea7eb65f6ceffe4a1650848ffaf0da2826a
                              • Instruction ID: 1c05697069de229b73792e150737557cbfd0e2a76551d27bc8961e7db86593e4
                              • Opcode Fuzzy Hash: 9a651d281929687c507118de44db0ea7eb65f6ceffe4a1650848ffaf0da2826a
                              • Instruction Fuzzy Hash: 35915C70E002499FDF14CFA9C98579DBBF2AF88318F24C56DE419A7394EB749885CB81
                              Function 0866CE28 Relevance: .2, Instructions: 203COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 747726a43a79f9232c6b900cb08ada3355cf0ff6f5feafe0d51dd3264e430dc3
                              • Instruction ID: b42f891807d1aa1ea117f12bcc91d3d65e2f6576411113cf542517b4caf2b66e
                              • Opcode Fuzzy Hash: 747726a43a79f9232c6b900cb08ada3355cf0ff6f5feafe0d51dd3264e430dc3
                              • Instruction Fuzzy Hash: 4B8157B0E04698CFDB24DFA9C844BADBBF1FF49315F1180A9C009A7251DB745A96CF51
                              Function 08650040 Relevance: .1, Instructions: 71COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8f312f6b656b3ac3728c6e7b6bc4c9ede3690c407a56300d95aef390399089a6
                              • Instruction ID: 8259426ef440d926cd5bf5201c25d040ce5d46ec821d656c4ae2905bbc81ca7f
                              • Opcode Fuzzy Hash: 8f312f6b656b3ac3728c6e7b6bc4c9ede3690c407a56300d95aef390399089a6
                              • Instruction Fuzzy Hash: 8131ABB1D04619CBEB68CF6BC848699FAF7AFC8300F05C1AAD81CA7255DB744A859F11
                              Function 08650021 Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7afbc4c702f31d95739faa6a4b46b1aacdd3e2f107543c3244c86608b92a2b6b
                              • Instruction ID: e64f16c93b59861270513e60aa7928800c1bb248f09781b3599ec87d8b9b80b3
                              • Opcode Fuzzy Hash: 7afbc4c702f31d95739faa6a4b46b1aacdd3e2f107543c3244c86608b92a2b6b
                              • Instruction Fuzzy Hash: 2F31EB71D04759CFEB2DCF6B8C48299BAF6AF85300F05C1EAD418AA265DB740A85DF11
                              Function 0866F548 Relevance: 7.9, Strings: 6, Instructions: 406COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2017518299.0000000008650000.00000040.00000800.00020000.00000000.sdmp, Offset: 08650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8650000_Nichiden Viet Nam - RFQ List & Specification.jbxd
                              Similarity
                              • API ID:
                              • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                              • API String ID: 0-723292480
                              • Opcode ID: 0d233b561163bd545a39761f496005c8e73af3bbe66942024c08bb53ba2f3806
                              • Instruction ID: f1acb081617eed9a29a8e142848579f1cab755eb38ef5abd9bbfc3423a4ff309
                              • Opcode Fuzzy Hash: 0d233b561163bd545a39761f496005c8e73af3bbe66942024c08bb53ba2f3806
                              • Instruction Fuzzy Hash: 2BD18232A40114DFCB05DF68D944D99BBB2FF88310F068499E509AB276DB32ED56DF90

                              Execution Graph

                              Execution Coverage:10.4%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:87
                              Total number of Limit Nodes:7
                              execution_graph 35590 13cd01c 35591 13cd034 35590->35591 35592 13cd08e 35591->35592 35595 5592c08 35591->35595 35604 5590ad4 35591->35604 35596 5592c18 35595->35596 35597 5592c79 35596->35597 35599 5592c69 35596->35599 35629 5590bfc 35597->35629 35613 5592e6c 35599->35613 35619 5592d90 35599->35619 35624 5592da0 35599->35624 35600 5592c77 35605 5590adf 35604->35605 35606 5592c79 35605->35606 35608 5592c69 35605->35608 35607 5590bfc CallWindowProcW 35606->35607 35609 5592c77 35607->35609 35610 5592e6c CallWindowProcW 35608->35610 35611 5592d90 CallWindowProcW 35608->35611 35612 5592da0 CallWindowProcW 35608->35612 35610->35609 35611->35609 35612->35609 35614 5592e2a 35613->35614 35615 5592e7a 35613->35615 35633 5592e58 35614->35633 35636 5592e48 35614->35636 35616 5592e40 35616->35600 35621 5592da0 35619->35621 35620 5592e40 35620->35600 35622 5592e58 CallWindowProcW 35621->35622 35623 5592e48 CallWindowProcW 35621->35623 35622->35620 35623->35620 35626 5592db4 35624->35626 35625 5592e40 35625->35600 35627 5592e58 CallWindowProcW 35626->35627 35628 5592e48 CallWindowProcW 35626->35628 35627->35625 35628->35625 35630 5590c07 35629->35630 35631 559435a CallWindowProcW 35630->35631 35632 5594309 35630->35632 35631->35632 35632->35600 35634 5592e69 35633->35634 35640 5594292 35633->35640 35634->35616 35637 5592e58 35636->35637 35638 5592e69 35637->35638 35639 5594292 CallWindowProcW 35637->35639 35638->35616 35639->35638 35641 5590bfc CallWindowProcW 35640->35641 35642 55942aa 35641->35642 35642->35634 35643 1414668 35644 1414684 35643->35644 35645 1414696 35644->35645 35647 14147a0 35644->35647 35648 14147c5 35647->35648 35652 14148a1 35648->35652 35656 14148b0 35648->35656 35653 14148b0 35652->35653 35654 14149b4 35653->35654 35660 1414248 35653->35660 35658 14148d7 35656->35658 35657 14149b4 35657->35657 35658->35657 35659 1414248 CreateActCtxA 35658->35659 35659->35657 35661 1415940 CreateActCtxA 35660->35661 35663 1415a03 35661->35663 35663->35663 35664 141ad38 35665 141ad47 35664->35665 35667 141ae30 35664->35667 35668 141ae41 35667->35668 35669 141ae64 35667->35669 35668->35669 35675 141b0c8 35668->35675 35679 141b0b8 35668->35679 35669->35665 35670 141ae5c 35670->35669 35671 141b068 GetModuleHandleW 35670->35671 35672 141b095 35671->35672 35672->35665 35676 141b0dc 35675->35676 35677 141b101 35676->35677 35683 141a870 35676->35683 35677->35670 35680 141b0dc 35679->35680 35681 141b101 35680->35681 35682 141a870 LoadLibraryExW 35680->35682 35681->35670 35682->35681 35684 141b2a8 LoadLibraryExW 35683->35684 35686 141b321 35684->35686 35686->35677 35687 141d0b8 35688 141d0fe 35687->35688 35692 141d289 35688->35692 35695 141d298 35688->35695 35689 141d1eb 35698 141c9a0 35692->35698 35696 141d2c6 35695->35696 35697 141c9a0 DuplicateHandle 35695->35697 35696->35689 35697->35696 35699 141d300 DuplicateHandle 35698->35699 35700 141d2c6 35699->35700 35700->35689

                              Executed Functions

                              Function 074361E0 Relevance: 2.8, Strings: 2, Instructions: 311COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 377 74361e0-7436218 379 743621a 377->379 380 743621f-7436325 377->380 379->380 393 7436333-7436418 380->393 394 7436327-743632e 380->394 407 743661f-7436628 393->407 395 7436667-7436670 394->395 408 743662f-7436645 407->408 409 743664b-7436665 408->409 410 743641d-7436609 call 7433450 408->410 409->395 436 743661b-743661c 410->436 437 743660b-743661a 410->437 436->407 437->436
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: .$1
                              • API String ID: 0-1839485796
                              • Opcode ID: 41682664bf878523a99cb265a8d4b981401fea630350bbca89ff03b18d06de5f
                              • Instruction ID: 39fab5f084c4c16caf0641d6231a2747ed397b43d798f3768fe92f570da6015d
                              • Opcode Fuzzy Hash: 41682664bf878523a99cb265a8d4b981401fea630350bbca89ff03b18d06de5f
                              • Instruction Fuzzy Hash: 88D1C174E01218CFDB68DFA5C990B9DB7B2BF49304F6084AAC409AB354DB359E86CF51
                              Function 0743F4E0 Relevance: .3, Instructions: 332COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6aed12971b5f5f76a4e5408d03639283da9dada738b87518dbf64c20863a1a2a
                              • Instruction ID: 73e82792e07c01693fc28f1a3194c32f3f8b6482c644eeb8736ad48862b2e21d
                              • Opcode Fuzzy Hash: 6aed12971b5f5f76a4e5408d03639283da9dada738b87518dbf64c20863a1a2a
                              • Instruction Fuzzy Hash: AEF1D274E01229CFDB68DF64C890B9EBBB2BF89304F1085A9D509AB350DB355E86CF51
                              Function 074336D9 Relevance: .3, Instructions: 328COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c56edd8f96499e51384edd08c428e970d8d82f1d1bc272ea841c30387342471b
                              • Instruction ID: e58c839baf9417cc2e5f95ade831c7545b6d435e58423904cca6a90740703f7a
                              • Opcode Fuzzy Hash: c56edd8f96499e51384edd08c428e970d8d82f1d1bc272ea841c30387342471b
                              • Instruction Fuzzy Hash: 57F1A074E01229CFDB64DFA9D894BDDBBB6BB49300F1095AAD50AAB340DB315E81CF50
                              Function 07433EB3 Relevance: .3, Instructions: 328COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 98f614815638f0046dae003656aae4262c7116cf84d624489329c92843db294b
                              • Instruction ID: df7885bf577cc1f8fe5cc61c6b8d8c449b4a15764b21ebea38deb82f7d52f6fd
                              • Opcode Fuzzy Hash: 98f614815638f0046dae003656aae4262c7116cf84d624489329c92843db294b
                              • Instruction Fuzzy Hash: C6E1A474E00229CFDB64DFA9C890BDDBBB2BF89300F1085AAD54AA7250DB355E85CF51
                              Function 07435A98 Relevance: .3, Instructions: 309COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ac23f2c5e22d64e75c7b0f7d385b1bc625d91664a253720d0fe83997bd821e22
                              • Instruction ID: 7dfabc2902eebe90ff235c454e780ce0436e8bef0ba6749764a0cb0478825485
                              • Opcode Fuzzy Hash: ac23f2c5e22d64e75c7b0f7d385b1bc625d91664a253720d0fe83997bd821e22
                              • Instruction Fuzzy Hash: 63E1AE74E01229CFDB68DF65D894B9EBBB2BF89304F1085AAD40AA7250DB305E85CF51
                              Function 0743F078 Relevance: .3, Instructions: 287COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cded9739aa03a6344e348878bc5de46ab5d548763ba855116b3546f075a6a0fb
                              • Instruction ID: cf4b927dbacf017723fe56255a91c511f639114dc2539dff64872e6421ba8000
                              • Opcode Fuzzy Hash: cded9739aa03a6344e348878bc5de46ab5d548763ba855116b3546f075a6a0fb
                              • Instruction Fuzzy Hash: F4D192B4E01219CFDB64CFA9D984B9DBBB2BF89301F1091AAD409AB355DB349D85CF10
                              Function 07435090 Relevance: .3, Instructions: 276COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dcb0fda8b918cf1dbe74f59da28acce5b817643337e531090afd54c4bd912ba8
                              • Instruction ID: 5ede4d1a0b147fb8a10d013eb57d6c05abbd73b51fe95601e91d996503020493
                              • Opcode Fuzzy Hash: dcb0fda8b918cf1dbe74f59da28acce5b817643337e531090afd54c4bd912ba8
                              • Instruction Fuzzy Hash: BBC1C4B0E01229CFEB64DFA5C850BDDFBB2BF89300F1085AAD409AB254DB345A85CF55
                              Function 0743450F Relevance: .2, Instructions: 246COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 58b7d116bbf6b97cbabff28bcfe09e64afe0c44b0cdde4a76454a85416398b4e
                              • Instruction ID: 80466792e7c14e45456d48c66f9b50d1877b9c61f95f016fb6ece004c5df544e
                              • Opcode Fuzzy Hash: 58b7d116bbf6b97cbabff28bcfe09e64afe0c44b0cdde4a76454a85416398b4e
                              • Instruction Fuzzy Hash: 7FB1B1B4E01218CFDB68DFA9C850ADDBBB6BF89300F6084A9D409AB254DB355D86CF51
                              Function 07434993 Relevance: .2, Instructions: 237COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb73574ab1793f0ef642bca540347d74574446829eebb5e248e9bc9128cc2701
                              • Instruction ID: 570a99286295676304d51026e8a3eb104c6a8c0266b6c37daca2cbc08d66ee9a
                              • Opcode Fuzzy Hash: fb73574ab1793f0ef642bca540347d74574446829eebb5e248e9bc9128cc2701
                              • Instruction Fuzzy Hash: 7EA1C2B4E01218CFDB54DFA9C494AEDBBB2FF8A304F1090A9D409AB354DB359986CF51
                              Function 0743F4D0 Relevance: .2, Instructions: 233COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2f33bf5e400d3890af30d8951009972b59fce4087f8d1c4a7565b82f3d4bcb6e
                              • Instruction ID: 166cd11fd4af2a939c07d19128a15ec03428898775c8a57c723734b13d6c7ddd
                              • Opcode Fuzzy Hash: 2f33bf5e400d3890af30d8951009972b59fce4087f8d1c4a7565b82f3d4bcb6e
                              • Instruction Fuzzy Hash: 13B1F870E002299FDB68DFA5C850B9EBBB2FF89304F2085A9D4096B355DB315E86CF51
                              Function 0743508B Relevance: .2, Instructions: 225COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e7b46c9f426a58c8f8a1b897d0174841025a1103140f899c5c336347e4737531
                              • Instruction ID: 19929fe7647a179bec6a4f564c3ef9998f2aa053edc5c4343c3024e5640f77b1
                              • Opcode Fuzzy Hash: e7b46c9f426a58c8f8a1b897d0174841025a1103140f899c5c336347e4737531
                              • Instruction Fuzzy Hash: ADA1C3B0D012299FEB24DFA5C854BDDFBB6BF88300F1085AAD409BB250DB345A85CF51
                              Function 0743B47C Relevance: 4.0, Strings: 3, Instructions: 258COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 294 743b47c-743d6a5 297 743d6ab-743d6ad 294->297 298 743d7f9-743d81e 294->298 299 743d6b3-743d6bc 297->299 300 743d825-743d88b 297->300 298->300 302 743d6cf-743d6f6 299->302 303 743d6be-743d6cc 299->303 334 743d897-743d8d6 300->334 335 743d88d-743d896 300->335 305 743d77f-743d783 302->305 306 743d6fc-743d70e call 743c85c call 743cfc0 302->306 303->302 308 743d785-743d7b2 call 743c86c 305->308 309 743d7ba-743d7d3 305->309 306->305 322 743d710-743d763 306->322 329 743d7b7 308->329 317 743d7d5 309->317 318 743d7dd-743d7de 309->318 317->318 318->298 322->305 330 743d765-743d778 322->330 329->309 330->305 341 743d8d8-743d8de 334->341 342 743d8df-743d96c 334->342 341->342 345 743d972-743d980 342->345 346 743d982-743d988 345->346 347 743d989-743d9c1 345->347 346->347 351 743d9c3-743d9c7 347->351 352 743d9d1 347->352 351->352 353 743d9c9 351->353 354 743d9d2 352->354 353->352 354->354
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: (bq$(bq$(bq
                              • API String ID: 0-2716923250
                              • Opcode ID: 19c0908315c24e570ee3caee78217f10ae834e7de81172a48cd371c61d2f6417
                              • Instruction ID: a41517ef58c26a3cefb6dbeb0b3cdd6a06da209e0c5ae2fbcdfec0a6ac7cdc41
                              • Opcode Fuzzy Hash: 19c0908315c24e570ee3caee78217f10ae834e7de81172a48cd371c61d2f6417
                              • Instruction Fuzzy Hash: 73A17CB0E006199FDB14DFA9C4446DEBBF1FF89310F24856AD449AB390DB70A986CF91
                              Function 074355C4 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 439 74355c4-74355cd 440 74355cf-74355f9 439->440 441 74355fc-743573e 439->441 440->441 453 7435744-7435752 441->453 454 7435754-743575a 453->454 455 743575b-743578c 453->455 454->455 457 74357a8-74357ac 455->457 458 743578e-743579a 455->458 462 74357c8-74357cc 457->462 463 74357ae-74357ba 457->463 460 74357a2 458->460 461 743579c-743579f 458->461 460->457 461->460 464 74357e8 462->464 465 74357ce-74357da 462->465 466 74357c2 463->466 467 74357bc-74357bf 463->467 470 74357e9 464->470 468 74357e2 465->468 469 74357dc-74357df 465->469 466->462 467->466 468->464 469->468 470->470
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q
                              • API String ID: 0-355816377
                              • Opcode ID: ba358ae4fced3d77113531e9592a64d93157b0f24a49cee1006aa9c257ab2355
                              • Instruction ID: fbb00e62c04f1c4863dbee82044c4911c6aad5cff3cd9908dfb63e55cd41c6d1
                              • Opcode Fuzzy Hash: ba358ae4fced3d77113531e9592a64d93157b0f24a49cee1006aa9c257ab2355
                              • Instruction Fuzzy Hash: 2761F5B5A10319DFCB14CFAAC885ADEBBF5BF48310F14851AE405AB340DB74A985CF91
                              Function 074355D0 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 471 74355d0-743573e 483 7435744-7435752 471->483 484 7435754-743575a 483->484 485 743575b-743578c 483->485 484->485 487 74357a8-74357ac 485->487 488 743578e-743579a 485->488 492 74357c8-74357cc 487->492 493 74357ae-74357ba 487->493 490 74357a2 488->490 491 743579c-743579f 488->491 490->487 491->490 494 74357e8 492->494 495 74357ce-74357da 492->495 496 74357c2 493->496 497 74357bc-74357bf 493->497 500 74357e9 494->500 498 74357e2 495->498 499 74357dc-74357df 495->499 496->492 497->496 498->494 499->498 500->500
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q
                              • API String ID: 0-355816377
                              • Opcode ID: 9105963e9e060824922c9324a59789f67b8ca92d020b90ba251d601193f0853d
                              • Instruction ID: d01c84cd311b6f0dc80e2c3c90234787608a5287522b405551033568a475366b
                              • Opcode Fuzzy Hash: 9105963e9e060824922c9324a59789f67b8ca92d020b90ba251d601193f0853d
                              • Instruction Fuzzy Hash: F361D3B5A10319DFCB14CFAAC884ADEBBB9BF48710F14851AE405AB340DB74AA45CB95
                              Function 0141AE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 925 141ae30-141ae3f 926 141ae41-141ae4e call 1419838 925->926 927 141ae6b-141ae6f 925->927 933 141ae50 926->933 934 141ae64 926->934 929 141ae71-141ae7b 927->929 930 141ae83-141aec4 927->930 929->930 936 141aed1-141aedf 930->936 937 141aec6-141aece 930->937 983 141ae56 call 141b0c8 933->983 984 141ae56 call 141b0b8 933->984 934->927 938 141aee1-141aee6 936->938 939 141af03-141af05 936->939 937->936 941 141aef1 938->941 942 141aee8-141aeef call 141a814 938->942 944 141af08-141af0f 939->944 940 141ae5c-141ae5e 940->934 943 141afa0-141afb7 940->943 946 141aef3-141af01 941->946 942->946 958 141afb9-141b018 943->958 947 141af11-141af19 944->947 948 141af1c-141af23 944->948 946->944 947->948 951 141af30-141af39 call 141a824 948->951 952 141af25-141af2d 948->952 956 141af46-141af4b 951->956 957 141af3b-141af43 951->957 952->951 959 141af69-141af76 956->959 960 141af4d-141af54 956->960 957->956 976 141b01a-141b060 958->976 967 141af99-141af9f 959->967 968 141af78-141af96 959->968 960->959 961 141af56-141af66 call 141a834 call 141a844 960->961 961->959 968->967 978 141b062-141b065 976->978 979 141b068-141b093 GetModuleHandleW 976->979 978->979 980 141b095-141b09b 979->980 981 141b09c-141b0b0 979->981 980->981 983->940 984->940
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0141B086
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 2d4cc1aeb6c7d66ee95881d0ea9bf305d6ad097800a022ccec3c762c7ed192a0
                              • Instruction ID: aa3b5f13cd80f6410d249f509699cc9b612e68b40dd9d885d3412e32051efba8
                              • Opcode Fuzzy Hash: 2d4cc1aeb6c7d66ee95881d0ea9bf305d6ad097800a022ccec3c762c7ed192a0
                              • Instruction Fuzzy Hash: FD7132B0A01B458FD724DF2AD15079BBBF1FF88214F10892EE58A97B64D734E849CB91
                              Function 05590BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 985 5590bfc-55942fc 988 55943ac-55943cc call 5590ad4 985->988 989 5594302-5594307 985->989 996 55943cf-55943dc 988->996 991 5594309-5594340 989->991 992 559435a-5594392 CallWindowProcW 989->992 999 5594349-5594358 991->999 1000 5594342-5594348 991->1000 993 559439b-55943aa 992->993 994 5594394-559439a 992->994 993->996 994->993 999->996 1000->999
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 05594381
                              Memory Dump Source
                              • Source File: 00000004.00000002.2137760612.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_5590000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: ecdf01ca937ad856dcb33b943c1ea08620282983339c07f41533c560ff4adf9c
                              • Instruction ID: a1932f4b58f197ed28b706aa5b94014b12339c27ac7063ee6a2332d68b68d07a
                              • Opcode Fuzzy Hash: ecdf01ca937ad856dcb33b943c1ea08620282983339c07f41533c560ff4adf9c
                              • Instruction Fuzzy Hash: CA4107B5900305CFDB14CF99C488AAABBF5FF88314F24C559E519AB321D774A881CFA4
                              Function 01414248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1002 1414248-1415a01 CreateActCtxA 1005 1415a03-1415a09 1002->1005 1006 1415a0a-1415a64 1002->1006 1005->1006 1013 1415a73-1415a77 1006->1013 1014 1415a66-1415a69 1006->1014 1015 1415a79-1415a85 1013->1015 1016 1415a88 1013->1016 1014->1013 1015->1016 1018 1415a89 1016->1018 1018->1018
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 014159F1
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 776e4f6fb841554b1681f04b10aa9004c93350b715b3d5923713d7e5454ddb07
                              • Instruction ID: 22a81f011a98cf2f19fedbcc16e3d8b5ae35e9ff22bc96c8a2acbccec99da024
                              • Opcode Fuzzy Hash: 776e4f6fb841554b1681f04b10aa9004c93350b715b3d5923713d7e5454ddb07
                              • Instruction Fuzzy Hash: 8441CFB1C00719CADB24CFA9C984BDEBBB5BF89304F24806AD408AB265DB756945CF91
                              Function 01415935 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1019 1415935-141593c 1020 1415944-1415a01 CreateActCtxA 1019->1020 1022 1415a03-1415a09 1020->1022 1023 1415a0a-1415a64 1020->1023 1022->1023 1030 1415a73-1415a77 1023->1030 1031 1415a66-1415a69 1023->1031 1032 1415a79-1415a85 1030->1032 1033 1415a88 1030->1033 1031->1030 1032->1033 1035 1415a89 1033->1035 1035->1035
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 014159F1
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 506bb150fde30df820330bcfdddbc307f990ae7c41c5bfea6519e33d6ac96dae
                              • Instruction ID: e5859c2389827773690ccd27f42094a7f03ca12498af5356250dddd72fa44528
                              • Opcode Fuzzy Hash: 506bb150fde30df820330bcfdddbc307f990ae7c41c5bfea6519e33d6ac96dae
                              • Instruction Fuzzy Hash: 9D41D1B1C00719CEDB24DFA9C884BCEBBF5BF49304F24805AD408AB265DB756985CF90
                              Function 0141C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1036 141c9a0-141d394 DuplicateHandle 1038 141d396-141d39c 1036->1038 1039 141d39d-141d3ba 1036->1039 1038->1039
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0141D2C6,?,?,?,?,?), ref: 0141D387
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 870f8856f825b930e4956ef8d2940215727f237829b887c1f793f4999fa7505f
                              • Instruction ID: 1045170799464373a88afdb9bca197616de70cfac52993bc26754c45d7b549a4
                              • Opcode Fuzzy Hash: 870f8856f825b930e4956ef8d2940215727f237829b887c1f793f4999fa7505f
                              • Instruction Fuzzy Hash: 3921E3B5D002589FDB10CF9AD984ADEBFF4EB48310F14841AE918A7320D374A950CFA5
                              Function 0141D2F9 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1042 141d2f9-141d394 DuplicateHandle 1043 141d396-141d39c 1042->1043 1044 141d39d-141d3ba 1042->1044 1043->1044
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0141D2C6,?,?,?,?,?), ref: 0141D387
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: a7e590b172220026fba85e57092b267b759d56bd4a539e7ab9451f0240c9b7d0
                              • Instruction ID: 92f7300cfa77ce60113c981bfd7d15310b06908ad47d7112a2976afdedf9ef7d
                              • Opcode Fuzzy Hash: a7e590b172220026fba85e57092b267b759d56bd4a539e7ab9451f0240c9b7d0
                              • Instruction Fuzzy Hash: 3321E2B5D00218DFDB10CFA9D984ADEBBF8EB48320F14841AE918B7350D378A944CFA4
                              Function 0141B2A0 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1047 141b2a0-141b2e8 1049 141b2f0-141b31f LoadLibraryExW 1047->1049 1050 141b2ea-141b2ed 1047->1050 1051 141b321-141b327 1049->1051 1052 141b328-141b345 1049->1052 1050->1049 1051->1052
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0141B101,00000800,00000000,00000000), ref: 0141B312
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1d5e3986a8cf49c181ef60556e62d7f43cf04f9a7e62925e259d333f2739c3a9
                              • Instruction ID: fae582c3205386fff6220c33828ac1135c4b6ca123679e87da5152fcf76c7789
                              • Opcode Fuzzy Hash: 1d5e3986a8cf49c181ef60556e62d7f43cf04f9a7e62925e259d333f2739c3a9
                              • Instruction Fuzzy Hash: 9711E4B69002499FDB14CF9AC844ADFFBF8EB48310F14842AE929A7310C379A545CFA5
                              Function 0141A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0141B101,00000800,00000000,00000000), ref: 0141B312
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: a860daca04776ab401ff950c8dd344467696008dbf81929cd6d61e34348cc297
                              • Instruction ID: 6bae46c06fb00d5783f86c82e2976ab2101817073e53c11a4607324dd5f3db76
                              • Opcode Fuzzy Hash: a860daca04776ab401ff950c8dd344467696008dbf81929cd6d61e34348cc297
                              • Instruction Fuzzy Hash: 0511D3B69002499FDB14CF9AC444ADEFBF4EB48310F10846AE919A7310C375A545CFA5
                              Function 0141B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0141B086
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123417732.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_1410000_aspnet_compiler.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: db29921c7c0bef8d9281ae7e37e5ae1bb426930e006da13876a9f4d0cf599df4
                              • Instruction ID: 6cfbc1e42fd18f0bcdb1a775e02178034c3948e4abb9aeded5a409f4c383ea4e
                              • Opcode Fuzzy Hash: db29921c7c0bef8d9281ae7e37e5ae1bb426930e006da13876a9f4d0cf599df4
                              • Instruction Fuzzy Hash: BD110FB5C003498FDB20CF9AC444ADEFBF4EB88320F10842AD968B7210C379A645CFA1
                              Function 0743C8D0 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te^q
                              • API String ID: 0-671973202
                              • Opcode ID: 0484c3436a6e223faeb910791db2c807c4fd99fd54c87a50b9d8a0d46b6f4960
                              • Instruction ID: f6f922e2d3df2276f11b800b88f5048131fe01a6cbb87ed7483a3cafc99e9779
                              • Opcode Fuzzy Hash: 0484c3436a6e223faeb910791db2c807c4fd99fd54c87a50b9d8a0d46b6f4960
                              • Instruction Fuzzy Hash: 9131C2B4E01218DFDB18DFAAD584AEDBBF1AF8D310F14902AE405B32A0DB345945CB64
                              Function 0743AAE0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: {jhk^
                              • API String ID: 0-3644605944
                              • Opcode ID: 5f3522af245373575ec2773c8fb2740687f1892684959ad1c4c5171408116fd7
                              • Instruction ID: faf4e7ca582e3f0b283b74e31e7551f20e63d312e8c606e3befc59aa26a40e7f
                              • Opcode Fuzzy Hash: 5f3522af245373575ec2773c8fb2740687f1892684959ad1c4c5171408116fd7
                              • Instruction Fuzzy Hash: 3411CD702042028FC725DF78D4546AAB7E2FF85214760497DD15ACB784EB71D946CB90
                              Function 0743AAF0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: {jhk^
                              • API String ID: 0-3644605944
                              • Opcode ID: ccf7ca20dcd439b84c1f9e852ba08477d69ca5c9dad5c49ff3541e9ea1fc11b2
                              • Instruction ID: 9bc57ce6e8476afc37ae57898b12f64b208117c049d335d2e4166946618f45b1
                              • Opcode Fuzzy Hash: ccf7ca20dcd439b84c1f9e852ba08477d69ca5c9dad5c49ff3541e9ea1fc11b2
                              • Instruction Fuzzy Hash: FC11BFB03002118FC725DF29C4846ABB7E6FF84318760893DD11A8BB84EF71E946CB90
                              Function 0743B46C Relevance: 1.3, Strings: 1, Instructions: 49COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: (bq
                              • API String ID: 0-149360118
                              • Opcode ID: 75c2a3a9956d9ed754990574ddcbde9fbd438c04b90aed2cdf21e77aa5cdc522
                              • Instruction ID: d30a1d405a47577b37c1b2b14f007cef1fba3a388638f44fca1dca99af015248
                              • Opcode Fuzzy Hash: 75c2a3a9956d9ed754990574ddcbde9fbd438c04b90aed2cdf21e77aa5cdc522
                              • Instruction Fuzzy Hash: 69F04CB23491905FD604A66D68606FF6B59DBDB610B088067E50AD73C1CD104C0683F5
                              Function 0743BF10 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: {jhk^
                              • API String ID: 0-3644605944
                              • Opcode ID: f988c9446f4a63d4269afd50b87dc8c925b926b4c37be82616a7a50d61ca4d34
                              • Instruction ID: 689ddd5790bf31feae9c1800cb169b28ac6e8dc07ba40b215fc2b5fb3b4866d3
                              • Opcode Fuzzy Hash: f988c9446f4a63d4269afd50b87dc8c925b926b4c37be82616a7a50d61ca4d34
                              • Instruction Fuzzy Hash: 51F0E9B12047515F83121B39941049BBFF6EFC92103514A6FD18AC7755DF74D806C7D5
                              Function 0743BF20 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID: {jhk^
                              • API String ID: 0-3644605944
                              • Opcode ID: 6a1ee4199d5f82e44ec70f47120fb8d69e1ae0a61dedb7cb5cbdbe60a260104f
                              • Instruction ID: ffb6996df5a45d7e55b71c3dd01c63c94ef43370aef3a2f046356a3d5c16f876
                              • Opcode Fuzzy Hash: 6a1ee4199d5f82e44ec70f47120fb8d69e1ae0a61dedb7cb5cbdbe60a260104f
                              • Instruction Fuzzy Hash: F0E092F17047105B82156A2E94145AFB6EAFBC4610350892ED20ECB744DF70E8068BD5
                              Function 07436BAC Relevance: .2, Instructions: 157COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9c179d0d9457e609efccaa689b6eab102d269d57fadb9b703a26d8a933e0626d
                              • Instruction ID: b09af4126e1d3c1934872671a7bea93ce8c9ac7f021b290b52367cfd8d5cc2e9
                              • Opcode Fuzzy Hash: 9c179d0d9457e609efccaa689b6eab102d269d57fadb9b703a26d8a933e0626d
                              • Instruction Fuzzy Hash: 3251F8B1A042089FDB10DFA9D444AEEBFF9EFC9314F14C46AE459E7350DA34A901CBA1
                              Function 07434E20 Relevance: .1, Instructions: 131COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4ab927eb76f73ebf5043079f4e64170b0b446a991f6ad64ff2e110c48ba38d1f
                              • Instruction ID: 77f25ebc1c76f22aa7aa27342b6734ad3fcdcd7ab7def57e0cd6e042e93369b7
                              • Opcode Fuzzy Hash: 4ab927eb76f73ebf5043079f4e64170b0b446a991f6ad64ff2e110c48ba38d1f
                              • Instruction Fuzzy Hash: 5051ACB4D012698FDB14DFAAD8483EDBBF1BB89311F14842AE419B7290E7780A85CF50
                              Function 07436DB0 Relevance: .1, Instructions: 123COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c7365150b739d45ad44877e7164b9d9452351178d638fe4302624d2d83ab761
                              • Instruction ID: 1792a3d24e58c1fd3b4aa8d5e7723061806c33a3b201be233ec42be0fbe1068f
                              • Opcode Fuzzy Hash: 3c7365150b739d45ad44877e7164b9d9452351178d638fe4302624d2d83ab761
                              • Instruction Fuzzy Hash: 4241F574D11309DBDB05EFB5D9546EEBBB2BF8A300F20852AE405BB258EB345A85CF41
                              Function 0743D66F Relevance: .1, Instructions: 116COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 602b47ad9bdaed7feb0ab862f0aa2a5e78f9efecd872d80bd8982bb3f6e471a1
                              • Instruction ID: 9da5333e73884c4a8b49d0fd03ae28cab28b3031e630e9f9fd71980904e8b5b4
                              • Opcode Fuzzy Hash: 602b47ad9bdaed7feb0ab862f0aa2a5e78f9efecd872d80bd8982bb3f6e471a1
                              • Instruction Fuzzy Hash: 60412DB1E007099BCB14DFA9C4546DEFBB1BF88310F14C65AD8196B264EB70A985CF90
                              Function 07436DC0 Relevance: .1, Instructions: 115COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb8d11a502f8b8a0c7229b02ac0a6c3269dde4b0f0ef48449e5bdc05e1916ca8
                              • Instruction ID: ea6c9b9d05da6ab35732b5081c5ade648d48ef8d39448f038623e43a5a21abf3
                              • Opcode Fuzzy Hash: fb8d11a502f8b8a0c7229b02ac0a6c3269dde4b0f0ef48449e5bdc05e1916ca8
                              • Instruction Fuzzy Hash: CB41E674D11309DBDB05EFB5D9546EDBBB2BF8A300F20852AE405BB258EB345A45CF41
                              Function 07435827 Relevance: .1, Instructions: 110COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1bd232a303c77365701224da87f1f225cbedfd2316a9a28e75bc52217eb688a5
                              • Instruction ID: f1bf51b7ce40c6dd9c5c1d147c042c375ed199573daab8b498fbb8d6c35c3001
                              • Opcode Fuzzy Hash: 1bd232a303c77365701224da87f1f225cbedfd2316a9a28e75bc52217eb688a5
                              • Instruction Fuzzy Hash: 2141C2B1D00258EFCB14DFAAC984ACEFBF5AF48310F14851AE819AB350DB74A945CF95
                              Function 07434E13 Relevance: .1, Instructions: 108COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 951d076d0a7b76490c1d2169e71918fb1da12c68dda321fd0d4731e450caedb5
                              • Instruction ID: a5b0bb3360dcdd927508bed654c99f930f888cff3ccbb270ade2cf5f2698a80b
                              • Opcode Fuzzy Hash: 951d076d0a7b76490c1d2169e71918fb1da12c68dda321fd0d4731e450caedb5
                              • Instruction Fuzzy Hash: 5641B0B0D012A9CFDB14DFAAC4483EEBBF1BF89315F18852AD419A7294D7780A85CF40
                              Function 07435830 Relevance: .1, Instructions: 106COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2554e058b1b9c6f3275e974da99865cf20b87ad4194f39472efa4d74534a8f30
                              • Instruction ID: 15ce0f96847445ed14dc44b18cf115c75cddddfe2d3451a58e1446ab412127a8
                              • Opcode Fuzzy Hash: 2554e058b1b9c6f3275e974da99865cf20b87ad4194f39472efa4d74534a8f30
                              • Instruction Fuzzy Hash: 5841B2B1D00258EFCB14DF9AC584ACEFBF5AF48310F14851AE819AB350DB74AA45CF95
                              Function 0743E9F3 Relevance: .1, Instructions: 104COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e15d0bae1e8596aba109379845bdc24abddb8e20449a0f439d6f0c0076c2af92
                              • Instruction ID: 806dd48841e83244c65fc0aa176141c42f21eeaa896a7b2b3a20199f3eaf0fe2
                              • Opcode Fuzzy Hash: e15d0bae1e8596aba109379845bdc24abddb8e20449a0f439d6f0c0076c2af92
                              • Instruction Fuzzy Hash: 3041D0B0E01229DFCB48DFA8D854AEEBBB2BF89301F10842AE415B3750DB355946CF55
                              Function 0743D070 Relevance: .1, Instructions: 103COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 209421fd79ea264cc1507738390e4ea1e27a232033602830ca1a27b653170426
                              • Instruction ID: 6e685454c13d465a1d6801350cc99bcd2eba7eeee0630677159723505ddbb608
                              • Opcode Fuzzy Hash: 209421fd79ea264cc1507738390e4ea1e27a232033602830ca1a27b653170426
                              • Instruction Fuzzy Hash: 5B3125B1E10219CFCB10DFA9D9446EEBBF4FB88214F10842AD419A7250DB3899058FA5
                              Function 07439EEC Relevance: .1, Instructions: 102COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c3434b750fb3b49ec4ae4e1f9af2c2b38f8e057553f7155fe1e855a650e6de98
                              • Instruction ID: 12339e6dc6d01ea5a6b83250bdddd8f00985cf25255674d918ac88d7b1c90e75
                              • Opcode Fuzzy Hash: c3434b750fb3b49ec4ae4e1f9af2c2b38f8e057553f7155fe1e855a650e6de98
                              • Instruction Fuzzy Hash: 0C41E2B1D00219DFDB24CFA9C984ADEBBB5BF48314F64802AE448BB210D7756A46CF91
                              Function 0743E9FE Relevance: .1, Instructions: 101COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7bf6d42817230c61939805b97c969d1a0e25b387bf789782a4106c43490b873b
                              • Instruction ID: d223553c7e0dc0e67b503cf85cc917dd8eed0fa9cc8a1f0fba3881add41bac1e
                              • Opcode Fuzzy Hash: 7bf6d42817230c61939805b97c969d1a0e25b387bf789782a4106c43490b873b
                              • Instruction Fuzzy Hash: 2941C1B0E01219DFCB48DFA8D854AEEBBB2BF89301F10842AE515B3750DB355946CF55
                              Function 0743EA00 Relevance: .1, Instructions: 100COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e915a00bde0c12b4128002d6205ca75950f01518dfa1a11170f549a9f9de9617
                              • Instruction ID: ea2ab90e99158afa8d07f0f78c8d97a9369c9733dd52f2e19af3dd9551123e40
                              • Opcode Fuzzy Hash: e915a00bde0c12b4128002d6205ca75950f01518dfa1a11170f549a9f9de9617
                              • Instruction Fuzzy Hash: FA41E1B0E01219DFCB48DFA8D854AEEBBB2BF89301F10842AE415B3750DB355946CF55
                              Function 07439934 Relevance: .1, Instructions: 99COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 757f0ef9f061d3412ecbca7a411e8b70c85336072e8fa4f8b470e2b5ed5a4db3
                              • Instruction ID: b5a837fa29bd6aa4d3a681a21fb93e21618a9c747ed7b6fc37622f806f98d1c0
                              • Opcode Fuzzy Hash: 757f0ef9f061d3412ecbca7a411e8b70c85336072e8fa4f8b470e2b5ed5a4db3
                              • Instruction Fuzzy Hash: 3341E2B1D0020DDBDB24CFA9C984ADEBBB5BF48304F64802AE409BB250D7756A46CF90
                              Function 07439DF0 Relevance: .1, Instructions: 86COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9091a5465dcbdc19e471e643cd6f8f8175383b20f6c4be92ee02e77fa7107942
                              • Instruction ID: be1371be77babfc21da859d18f452f5818d0bb178e8bb7ec09ef2f9d60683116
                              • Opcode Fuzzy Hash: 9091a5465dcbdc19e471e643cd6f8f8175383b20f6c4be92ee02e77fa7107942
                              • Instruction Fuzzy Hash: D421E4756042058FC710DF39C4444EBBBEAEF8531471488AAE54ADB760EB71EC0ACB91
                              Function 013BD1FC Relevance: .1, Instructions: 76COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123124124.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13bd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 22dbeeb7b3abdd76a24c0a8e794aa11051bf030640ea6179d55d0055547d6446
                              • Instruction ID: a5fffd7b1b01a8be3ce78b9a70c246ca2d3f043e059d67f9d932cb1805d0b03e
                              • Opcode Fuzzy Hash: 22dbeeb7b3abdd76a24c0a8e794aa11051bf030640ea6179d55d0055547d6446
                              • Instruction Fuzzy Hash: 67212171500284DFCB06DF88D9C0B6ABF65FB88328F20C169EE090EA56D336D416CBA1
                              Function 013BD4C4 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123124124.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13bd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 16a346caf631162e632d9df01f4ccbf55291b6c6d9bad7d645e7816159a1e5a4
                              • Instruction ID: b3045b353eae437a4fc8a7fd7155eefce39f82e9132b2ffaa99b31d9033f2729
                              • Opcode Fuzzy Hash: 16a346caf631162e632d9df01f4ccbf55291b6c6d9bad7d645e7816159a1e5a4
                              • Instruction Fuzzy Hash: 22213771500244DFDB05DF58D9C0B67BF65FB8831CF20C56AEA090BA56D33AD456CBA1
                              Function 013CD01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123199089.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13cd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a4479a6fd9a9fa877f17e9aaf986d826b7a95fbe0252012b3d35f8be12920017
                              • Instruction ID: b841f5ffad9480c0bd37c805e71e7cbcc03709eb1a3eca43f984c4beaadba861
                              • Opcode Fuzzy Hash: a4479a6fd9a9fa877f17e9aaf986d826b7a95fbe0252012b3d35f8be12920017
                              • Instruction Fuzzy Hash: B4210071604204DFCB15DF58D984B26BBA5FB84B18F20C57DE80A4B256C33AD847CBA1
                              Function 0743C86C Relevance: .1, Instructions: 71COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6d27e8b862cf4e59a47bc6ba02861cea3fee52988d6d783906aca83fe2c50b25
                              • Instruction ID: cc33d9ef3439dc44bcfaee734b3d6b942327aa9d58f6b4611caeb786a8a1fa61
                              • Opcode Fuzzy Hash: 6d27e8b862cf4e59a47bc6ba02861cea3fee52988d6d783906aca83fe2c50b25
                              • Instruction Fuzzy Hash: AE31D1B0D11218EFDB20CF99C588BDEBBF5AF49314F24845AE408BB250C7B56945CFA1
                              Function 013CD006 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123199089.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13cd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6e550483268150aff774f862f05d2a8646e9c398df9e4b9dd406d0aad19d19f3
                              • Instruction ID: e4f449bc36dbe8a6cd4ad55719c31f6fc704cd53df1388dd9203e0273c6d6150
                              • Opcode Fuzzy Hash: 6e550483268150aff774f862f05d2a8646e9c398df9e4b9dd406d0aad19d19f3
                              • Instruction Fuzzy Hash: AF2195755083809FCB03CF58D994711BF71EB46214F24C5EAD8498F2A7C33A9806CBA2
                              Function 07439DE0 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6fed69cff635761d1c2919955995256d5bbcccf9c342758e39371f32f4001121
                              • Instruction ID: fb1bef00f791ff0fd0d1158e71c6abfd9bfbf2917052dd1edffbd7f1f7a6797b
                              • Opcode Fuzzy Hash: 6fed69cff635761d1c2919955995256d5bbcccf9c342758e39371f32f4001121
                              • Instruction Fuzzy Hash: 0E21D2B16002068FC714DF68C4448DFBBF6EFC5214B0489AAE54ADB760EB74ED08CB91
                              Function 0743550B Relevance: .1, Instructions: 59COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7cb7a3db7810de99741951fba953103534b8d76d74dbccd76571d817b3fa4e3a
                              • Instruction ID: 7897128afd0d47937d06467cc38ac92545a3a23ff0956b831869e4eeb41e7a41
                              • Opcode Fuzzy Hash: 7cb7a3db7810de99741951fba953103534b8d76d74dbccd76571d817b3fa4e3a
                              • Instruction Fuzzy Hash: CC21D3B1901259EFCB04CF99D884ADEFBB4FB48314F10812AE918A7250D374A954CFA5
                              Function 0743CFC0 Relevance: .1, Instructions: 58COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 68629d5cfe36d74c7a80b9b6a4152975206e518614ebb2eec2d3c9b42c8a39de
                              • Instruction ID: 70b3224153e21f587f103039b4c375a3ad21968b55936828aa8f156b2920a195
                              • Opcode Fuzzy Hash: 68629d5cfe36d74c7a80b9b6a4152975206e518614ebb2eec2d3c9b42c8a39de
                              • Instruction Fuzzy Hash: F911E771D0060A8ECB10DFA9D8808DEFBB4FF49314B10966AD559B7211E730EA95CB91
                              Function 013BD1F7 Relevance: .1, Instructions: 57COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123124124.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13bd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                              • Instruction ID: d4db9897799fae351b0858763590d875b944320a05bf96d467f875f3a6b32b23
                              • Opcode Fuzzy Hash: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                              • Instruction Fuzzy Hash: 57219D76504280DFDB06CF54D9C4B56BF62FB84328F24C5A9DD090E656C33AD42ACBA1
                              Function 07435510 Relevance: .1, Instructions: 57COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 19efefe60218ef681a3016eb7cc351df55dc907010565154338e72c0db853423
                              • Instruction ID: 1d794daf267d0fc1fa25a1dc6318f5143da92635f636ad5dda6ecb97d5dd717a
                              • Opcode Fuzzy Hash: 19efefe60218ef681a3016eb7cc351df55dc907010565154338e72c0db853423
                              • Instruction Fuzzy Hash: 0B21B2B1D01259EFCB04CF99D884BDEFBB4FB48314F10852AE918A7250D374AA54CFA5
                              Function 013BD4BF Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123124124.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13bd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                              • Instruction ID: aa5849769c3cdaa8b1cbe02de43c1b116f2112ef2ac7439274cc0708d921c804
                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                              • Instruction Fuzzy Hash: 1611E172404280CFCB02CF54D5C4B56BF71FB84318F24C6AAD9090B656C33AD45ACBA1
                              Function 074397D0 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e1f6b85b3ab40b84a87dad3e5ca6be5e7cc4d511bd1fca1919b30ca93ccb6c36
                              • Instruction ID: a3216fff1c96ca4fc92ebb430a81959a605aae6ac19001ec645e0613d896e24d
                              • Opcode Fuzzy Hash: e1f6b85b3ab40b84a87dad3e5ca6be5e7cc4d511bd1fca1919b30ca93ccb6c36
                              • Instruction Fuzzy Hash: 3A21E4B5D003499FCB20CF9AD944ADEBBF4FB48314F10841AE929A7310C375A954CFA5
                              Function 07436677 Relevance: .1, Instructions: 54COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f39d73fe8a58cfc6134077fa8b24f09c57ce3f182e377eda4c3d8986541490de
                              • Instruction ID: 1197b030be8d63df326bcd4a3547e0bacd2a7f68bf89f91ec908c71ea4dff9f8
                              • Opcode Fuzzy Hash: f39d73fe8a58cfc6134077fa8b24f09c57ce3f182e377eda4c3d8986541490de
                              • Instruction Fuzzy Hash: 60110AB4D0521EDFCB10DFB4E4456EEBFB5EB09351F10416AD548A3240D7355654CF91
                              Function 07439CD8 Relevance: .1, Instructions: 54COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 958c12414b690ac4eddea3929ecb7137b044e9b847af1e59dfd081c7e99a173a
                              • Instruction ID: 2f75a6a3ebb4a39f3727da92a659d36972e0d5bba923f8aea62e37bc05b154c6
                              • Opcode Fuzzy Hash: 958c12414b690ac4eddea3929ecb7137b044e9b847af1e59dfd081c7e99a173a
                              • Instruction Fuzzy Hash: 3921E4B5D002499FCB10CF9AD984ADEBBF4FB48324F10851AE928A7260C375A554CFA5
                              Function 07433530 Relevance: .1, Instructions: 51COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5a4b1d06fd70fc726c10fbd2b6b27d5612d4404f80f4add4e898f0b4ec3255af
                              • Instruction ID: 62e9b579b7850a4e7bfd61cd52345c2ab53928229f8dcde3cba2e6f339190ed3
                              • Opcode Fuzzy Hash: 5a4b1d06fd70fc726c10fbd2b6b27d5612d4404f80f4add4e898f0b4ec3255af
                              • Instruction Fuzzy Hash: 04115B75E0022A8FCB45DFA8E8606EFBBB2FF88710F00456AD115AB390DB355A45CBD1
                              Function 07433BAD Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 278d9187a4776f443f8ed21f4e28d98545fe610b723bbfc454e86da647734fe8
                              • Instruction ID: 51aa24316f07c41d0bea6c8c2d10df57b6bdc21a5ee26e5916b73baba4f11e19
                              • Opcode Fuzzy Hash: 278d9187a4776f443f8ed21f4e28d98545fe610b723bbfc454e86da647734fe8
                              • Instruction Fuzzy Hash: C711DDB5E05218CFCB14CFA8D084AECFBB5FB4A311F2464AAD40AB7241D7359986CF14
                              Function 0743C420 Relevance: .0, Instructions: 48COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5ed7e759b458fc80ba92e62bc5581aa2497c0bb9724a0a53b749f6d0b3ec2d72
                              • Instruction ID: 9551100d2c0b5f585bf6872037964d99f7c309e8f5a710fb72490534f1c9eb43
                              • Opcode Fuzzy Hash: 5ed7e759b458fc80ba92e62bc5581aa2497c0bb9724a0a53b749f6d0b3ec2d72
                              • Instruction Fuzzy Hash: 301133B58003588FDB20DF9AD485BEEFBF4EB48320F20841AD959A7350C334A944CFA6
                              Function 0743B450 Relevance: .0, Instructions: 47COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: da92f5b55a070661358bc28c3892a8233221a7e592c69e60361d710f0c72cb9a
                              • Instruction ID: a5fd34b5b416503c97e666797aa0c679311c5507d6a1d143192ea33cb04ef4df
                              • Opcode Fuzzy Hash: da92f5b55a070661358bc28c3892a8233221a7e592c69e60361d710f0c72cb9a
                              • Instruction Fuzzy Hash: B61133B19003489FDB20DF9AC484BDEFBF4EB48320F10841AD958A7350D374A944CFA5
                              Function 0743B32C Relevance: .0, Instructions: 47COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8d838983c92f36ed6b73d7463f7048fc71f8883be8ccb157c1741d7afe1e1009
                              • Instruction ID: 96e30f5ba826be9347309a05d21f6700ddeb36e49e5e4da2659b61d557eba2b1
                              • Opcode Fuzzy Hash: 8d838983c92f36ed6b73d7463f7048fc71f8883be8ccb157c1741d7afe1e1009
                              • Instruction Fuzzy Hash: EE015EF06147109BD324CB2ED846663BBF9FB89710F448E1AE54A86710CB75EC03CB55
                              Function 0743D061 Relevance: .0, Instructions: 46COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7a4c858d2985e05275f15b93d9062f913ca8c2ce6479ffaadd07b87fa45e1536
                              • Instruction ID: 1680d14126c985b0cb78e6b5ae0adf515c90dac5976dc0a2a4ae8b91e71bc3ed
                              • Opcode Fuzzy Hash: 7a4c858d2985e05275f15b93d9062f913ca8c2ce6479ffaadd07b87fa45e1536
                              • Instruction Fuzzy Hash: 2701D4B1E0020ACBEB10DB60D9106EFB7B5EB8CA18F104427C816BB350DA355D07CFA5
                              Function 013BDA1D Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123124124.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13bd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e1b8c77daa97bfad1caf7d6f9cda514cbcf9733a583b46ab12a5c98e4353ce32
                              • Instruction ID: 33715cee59340697535af3f9c25c810668889378224d4771ac2dd1eccf98b1e6
                              • Opcode Fuzzy Hash: e1b8c77daa97bfad1caf7d6f9cda514cbcf9733a583b46ab12a5c98e4353ce32
                              • Instruction Fuzzy Hash: B501F77100D3449AF7118A59C9C47A7BF9CEF4132CF08C469EE080A986D2399940C6B1
                              Function 07433540 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8572e3729d4e2a250b28298c925a6acbecfce739ced1cbed03387869b2402501
                              • Instruction ID: 0190bde6e4a88199bf6e7719d5d999ed79bb218ac760fa533363f59a7605b98d
                              • Opcode Fuzzy Hash: 8572e3729d4e2a250b28298c925a6acbecfce739ced1cbed03387869b2402501
                              • Instruction Fuzzy Hash: 6201E974E0021A9FCB44DFA8D8506EFBBB5FF88310F10452AD515A7390DB355905CBD1
                              Function 074359C8 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9c45c90e7aee0633047a0dc29b99b3d2f169b48827751b9a42a3e7a9b840d4e8
                              • Instruction ID: ac7fee9218ed5db0de721a0f5ee6132122769e907cfa60b10f0af95b75a5de42
                              • Opcode Fuzzy Hash: 9c45c90e7aee0633047a0dc29b99b3d2f169b48827751b9a42a3e7a9b840d4e8
                              • Instruction Fuzzy Hash: BD1123B1800249CFCB20DF9AD484BDEFBF4EB48324F20845AD568A7350C374A944CFA5
                              Function 0743DC04 Relevance: .0, Instructions: 42COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dc89f8f32373a77149b9a1ecfefd3dd6e54d09b2f817ce0deedcfa92d9b186c6
                              • Instruction ID: 3bd1cc750d4e56d25621d747f21c7435f869c1b2f51ab501bd2b55dc7384a90c
                              • Opcode Fuzzy Hash: dc89f8f32373a77149b9a1ecfefd3dd6e54d09b2f817ce0deedcfa92d9b186c6
                              • Instruction Fuzzy Hash: 0D01EDB1D14219DFDB20CF69C8043EEBBB5AF49350F148216E428AA290D7B45A45CFD1
                              Function 074359C0 Relevance: .0, Instructions: 42COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c1c19d2cc6f498d03b544d5ad95762bccdc7d5717561709352e348da7ce1dbb5
                              • Instruction ID: b39679eeb26fad126978c231a93c8f06549765a430db6b126dee19541a611dd6
                              • Opcode Fuzzy Hash: c1c19d2cc6f498d03b544d5ad95762bccdc7d5717561709352e348da7ce1dbb5
                              • Instruction Fuzzy Hash: FF1127B5900259CFCB10DFAAD5847DEFFF4AB48324F20845AD568A7650C378A544CFA5
                              Function 0743DCA0 Relevance: .0, Instructions: 40COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 86455fed8a0a7bf24369271318c92be6573c044a2f5dd5dc2b604c54c309a5fb
                              • Instruction ID: 4e71450171d728ad95c523572ff21339c3e5e115699957422e3edb596ae581f1
                              • Opcode Fuzzy Hash: 86455fed8a0a7bf24369271318c92be6573c044a2f5dd5dc2b604c54c309a5fb
                              • Instruction Fuzzy Hash: DDF090767042146FD3148B5E9C84AABFBEDEFCA620715806BE548D7762CA70AC00C7A5
                              Function 0743E1FE Relevance: .0, Instructions: 39COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 69b47cd1f65fa23e1b9abe3139efecea5ba660d4818753f071c3be1b65cc3646
                              • Instruction ID: 571e90f175b783e9972e710c138c4b3b343e749691a43cbcee31859089bd3ead
                              • Opcode Fuzzy Hash: 69b47cd1f65fa23e1b9abe3139efecea5ba660d4818753f071c3be1b65cc3646
                              • Instruction Fuzzy Hash: 3501D6B0C0621ADFCB54EFB8D4456AEBFB1BB09301F1084AED914A3340D7744A81CF95
                              Function 0743E200 Relevance: .0, Instructions: 38COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be7599f79725e9155be0bc0edb106742bf0b1a94e3e8182c0b8cbea1ccd8561a
                              • Instruction ID: c4fda7f301bf6a76f1fd7a71b78b70dddde63c2494c88335813433cf82f65ed4
                              • Opcode Fuzzy Hash: be7599f79725e9155be0bc0edb106742bf0b1a94e3e8182c0b8cbea1ccd8561a
                              • Instruction Fuzzy Hash: DE01D6B0C0521ADFCB54EFB8D4456AEBFB1BB09301F5084AED914A3340D7345A80CF95
                              Function 013BDA1C Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2123124124.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_13bd000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 64d54715b02e7740c135d2b0de7df8932cd0e39f3c6d7d0d078de06fac324982
                              • Instruction ID: 5c88ae71c814ea0af0973939e682c9a7e75c17a30c925c473317415e05b082c9
                              • Opcode Fuzzy Hash: 64d54715b02e7740c135d2b0de7df8932cd0e39f3c6d7d0d078de06fac324982
                              • Instruction Fuzzy Hash: 26F06271409344AEF7118A1AD8C4BA2FFA8EB41728F18C55AEE584E687D2799844CAB1
                              Function 07436688 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: aa37e46f3b63d868e0dd77f91bb5fa93a155afcf1e206b617d0b341330b7577f
                              • Instruction ID: 32d4ac94036c665ca11556464ffd5748ee46a93024cf75eb8e51df9bd192cb3f
                              • Opcode Fuzzy Hash: aa37e46f3b63d868e0dd77f91bb5fa93a155afcf1e206b617d0b341330b7577f
                              • Instruction Fuzzy Hash: 9901D6B0C0120ADFCB40DFB8D4496AEBFB0AB09301F20816A9904B3340D7345644CF95
                              Function 0743C0B8 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 577a8437e785e0bb5f4e13bcd8673257040c091effcce969b51407a0e8970ab1
                              • Instruction ID: d09ce15610822dd3243bebfec2612b716f6cf33dac981c8ce39714e7bc7958be
                              • Opcode Fuzzy Hash: 577a8437e785e0bb5f4e13bcd8673257040c091effcce969b51407a0e8970ab1
                              • Instruction Fuzzy Hash: ACF06D74A00715AFCB30CFA998404DABBF8EF4921070085ABE485D7600DB35AA58DBA1
                              Function 0743DC10 Relevance: .0, Instructions: 34COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8b86e38750fb62dd7065a6e4246b4d68153cad7ad37b6301031f0191ce61b9fa
                              • Instruction ID: ffab23dfd94e750adb0c3aacb504233cde2610c6b7d0cd22ec713e9f2e1bcc58
                              • Opcode Fuzzy Hash: 8b86e38750fb62dd7065a6e4246b4d68153cad7ad37b6301031f0191ce61b9fa
                              • Instruction Fuzzy Hash: FE01ECF0D10219DFDB14CF6AC4043EEBAF5BF49350F108626E428AA290D7B44A45CFD1
                              Function 07439C16 Relevance: .0, Instructions: 34COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0a401d4f608c49986af6c286de7ae08cbc436bc5ca9533ce7cdf12781b22cddf
                              • Instruction ID: 6672d3d6bbb42f9d599ef55374d1d3984c2bb7e403c70017e4d13501047bbe52
                              • Opcode Fuzzy Hash: 0a401d4f608c49986af6c286de7ae08cbc436bc5ca9533ce7cdf12781b22cddf
                              • Instruction Fuzzy Hash: C4F05476A00109AF9B04DF5AD940CAF7BBAEBC8214B08C16BE51CE7264D770D914CF50
                              Function 0743DCEF Relevance: .0, Instructions: 32COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2b32c6809d0dfe5130b7c5e8cfb53afa7daf2831d7c9a336102413172c6a7e22
                              • Instruction ID: 183c4bef8495b88b630488ddd4075c5dbe84bccf3a9fe542980d76234ded0686
                              • Opcode Fuzzy Hash: 2b32c6809d0dfe5130b7c5e8cfb53afa7daf2831d7c9a336102413172c6a7e22
                              • Instruction Fuzzy Hash: 2AF0A0363046106FD3108B0AEC84E46FBA8FFCA76071580A6F509CB762C630AC1ACBA4
                              Function 0743DCB0 Relevance: .0, Instructions: 30COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dadec1356509463dfd4a53607091653398daf57c306f5fe649bf1dd28d7b48a5
                              • Instruction ID: ed9e46d3d274ce60e83b178e53c5be193889d44196ebb7688bce3beb1d396193
                              • Opcode Fuzzy Hash: dadec1356509463dfd4a53607091653398daf57c306f5fe649bf1dd28d7b48a5
                              • Instruction Fuzzy Hash: 73E09B717001145FD3049B5EDC80D5BFBEDFFD9620B11407AF544D7350CA70AC0086A4
                              Function 0743A7B3 Relevance: .0, Instructions: 29COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 38244d1d0974bbaaf54e0b53387f8b1438f0ce082e88d21250797e94536cf1fa
                              • Instruction ID: 349cad52b9780d2ab62ddad793b7aa7fdf7c31871ebae1a3fc17e22d5ee9fe9f
                              • Opcode Fuzzy Hash: 38244d1d0974bbaaf54e0b53387f8b1438f0ce082e88d21250797e94536cf1fa
                              • Instruction Fuzzy Hash: B5F082B6105396EFCB028F60D9409D73F75EF5A211B09C057F58887252C331D925DB91
                              Function 0743EBEB Relevance: .0, Instructions: 28COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5f9f0b9e3df0224c19348018e12b592475a0590a0de5aa638c173231c8650a91
                              • Instruction ID: 3a0f9eff6dd322993594a0d7776df1b26c0dfcb5e62382edcbad3fc868923f88
                              • Opcode Fuzzy Hash: 5f9f0b9e3df0224c19348018e12b592475a0590a0de5aa638c173231c8650a91
                              • Instruction Fuzzy Hash: E1F0E5B050A299EFC301DFB8E4405DDBB74FB05304F4042ABE408D7251DB356E85D781
                              Function 0743C0C8 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6d8feb02d858c1ccfa22297a4c58b7954e95ecd4008ce5ab11a134857fce9021
                              • Instruction ID: 5889ae72c7bf108a51717ad8ed3814ef3106ac0fc5c858e3457e50c017c52779
                              • Opcode Fuzzy Hash: 6d8feb02d858c1ccfa22297a4c58b7954e95ecd4008ce5ab11a134857fce9021
                              • Instruction Fuzzy Hash: BCF030B5E00724AB8F34CFA9D84489ABBF9FF48610B00856AE45593600D772EA14CFA0
                              Function 0743CF49 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8848c2b2e0b7e68291d0b52fd149cc7f3c4434c8b1d0ab3971a30db598f97922
                              • Instruction ID: 88220635e00b40c6132ed2c966c3da690976227cf552d31044ebd9ba39b166fb
                              • Opcode Fuzzy Hash: 8848c2b2e0b7e68291d0b52fd149cc7f3c4434c8b1d0ab3971a30db598f97922
                              • Instruction Fuzzy Hash: 00E0DFB230A2911BD31A015A2860AFB6B598BDA620B09406BF50CCA2C1C850080593B9
                              Function 0743ABB8 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 872fbb1ca01db9cc87677fe9f1f6cf35c0cf1f55a67d9142c9fe306a41dfcef0
                              • Instruction ID: 387b65692e7da64e44bb4a584064b1edd593cf20febbf575b9c4e157e7fc7870
                              • Opcode Fuzzy Hash: 872fbb1ca01db9cc87677fe9f1f6cf35c0cf1f55a67d9142c9fe306a41dfcef0
                              • Instruction Fuzzy Hash: 17E04F75B541146B87149E5EA4848BBBBAFFFCD5243A580BAE20DC7311DE61EC078690
                              Function 07439D88 Relevance: .0, Instructions: 25COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2be943218c7283fd12e7f73165797b5c2e2361821f563911a608717b00f8c4da
                              • Instruction ID: 347780fe5203801ddd68e6abe32f5cc46b42c8a580c26a183cceaf65d56d0f0e
                              • Opcode Fuzzy Hash: 2be943218c7283fd12e7f73165797b5c2e2361821f563911a608717b00f8c4da
                              • Instruction Fuzzy Hash: 8BF03970905206EFCB01DFB4EA5049CBBB1FF45215B2049AAE845E3650EA3E6E99DF12
                              Function 07433691 Relevance: .0, Instructions: 24COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 15641161a7d357f22893d666987992929b63e7930b804f54b93c2cbb9399d080
                              • Instruction ID: b0a21bf186468b737ec8cc10e9998deddbc6dbdf24965ca20ce8e85c76fd68af
                              • Opcode Fuzzy Hash: 15641161a7d357f22893d666987992929b63e7930b804f54b93c2cbb9399d080
                              • Instruction Fuzzy Hash: B8E06574A062589FC701DFA8E51A2DDBFB0AB09301F0441EAD808C7351E6308F44CB92
                              Function 07433E67 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 33bf87862b67b2f10fc696f1cc8d76a8107eab9a5c3c2235c7b05f1b953da585
                              • Instruction ID: 01392f5aff7c5395b88aa742c1b9c313d118a45fb52f30dbdbed69753ce526c4
                              • Opcode Fuzzy Hash: 33bf87862b67b2f10fc696f1cc8d76a8107eab9a5c3c2235c7b05f1b953da585
                              • Instruction Fuzzy Hash: 0FE0657890530AAFCB50DFA8E849A98BBF0AB04300F1080A6D84893350E7745A58CF92
                              Function 0743DD00 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 535b91a62a6c72a9d160c5e957ac64399c04677d76b5c71fff64ceb2e7964e32
                              • Instruction ID: 13596a791596502581570d20a5ed9ea3a841572f98a8b130b2d640e3b99265e9
                              • Opcode Fuzzy Hash: 535b91a62a6c72a9d160c5e957ac64399c04677d76b5c71fff64ceb2e7964e32
                              • Instruction Fuzzy Hash: 14E0EC363046146FC3149A4EEC88E56FBADFFC9771B55806AFA09C7361CA71AC11CAA4
                              Function 0743AC70 Relevance: .0, Instructions: 22COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9e76f40f94af506a95d95588a2fc75391c941bd194c3ae038c5f64cc92e5e0ec
                              • Instruction ID: 0733762748065a93869fcd58815e5e6d8c73733d95152faa3cdf5cc56b5e6519
                              • Opcode Fuzzy Hash: 9e76f40f94af506a95d95588a2fc75391c941bd194c3ae038c5f64cc92e5e0ec
                              • Instruction Fuzzy Hash: 71E026F1709750CFDB318E38A0001A637F9AF4A2103054A5FE4CFC3752C720DA048782
                              Function 07439AE4 Relevance: .0, Instructions: 22COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7d024e64e1dc842571f2f3681fb4009796992e5fc29476469a0e5eb554c359f3
                              • Instruction ID: 80fcba2f0ce9b574afd306be78fa395f012e246fb9400102a49177151e61bb91
                              • Opcode Fuzzy Hash: 7d024e64e1dc842571f2f3681fb4009796992e5fc29476469a0e5eb554c359f3
                              • Instruction Fuzzy Hash: BBE086B03417148B9A349E2CA0441B7B3F8FB496247008D1FF09FC3700CB60E8044786
                              Function 0743BE40 Relevance: .0, Instructions: 21COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4ab9bbaaf9fc357082e450d3832e44c0b310bec9c11c54247dd299a853dd2e92
                              • Instruction ID: 5c57a6fe53f69cfdac1a68a7c1d731e587d339a4183dc9f94027bd5a39179403
                              • Opcode Fuzzy Hash: 4ab9bbaaf9fc357082e450d3832e44c0b310bec9c11c54247dd299a853dd2e92
                              • Instruction Fuzzy Hash: F0D05B3124D3734FC31512B464211E57BD84B46225B5400A7D188C7582D99D48C1C3EB
                              Function 0743494B Relevance: .0, Instructions: 21COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: db9f37121a73537719bc8bf10910754252673ace05d01467d9cfb1b6b0639323
                              • Instruction ID: d4e8245d085dee4193e94b0a8b0361bf9786e6fa44ecf44cb00e7c3cd2ba0b1b
                              • Opcode Fuzzy Hash: db9f37121a73537719bc8bf10910754252673ace05d01467d9cfb1b6b0639323
                              • Instruction Fuzzy Hash: 62E01A74901208AFDB50DFB8E845ADDBBF4AB08311F5040A6E808A3344D7309A40CB91
                              Function 074344CB Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cadb3141df5e02b681eaec3fe31b58c93bba935e3831e7d91243ceb9978bfd3b
                              • Instruction ID: 2fb2b37970cddaee271c24538b573eabeb12fc224e5bb9e678ca2423a4f6b1e3
                              • Opcode Fuzzy Hash: cadb3141df5e02b681eaec3fe31b58c93bba935e3831e7d91243ceb9978bfd3b
                              • Instruction Fuzzy Hash: E5E0BF74901219AFD750DFE8E5496DDBBF4AB08311F1041A9E808A3350E7305A84CB91
                              Function 0743C11C Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7fe730d0c010c78d724f89ad4c0c23b416c98df6a9ffdf9f251820f9f917ead6
                              • Instruction ID: 8fd05cd40890b97fcd96c45b3392d514e0823aeae7273597ff4d90942505f8de
                              • Opcode Fuzzy Hash: 7fe730d0c010c78d724f89ad4c0c23b416c98df6a9ffdf9f251820f9f917ead6
                              • Instruction Fuzzy Hash: 4EE0E57A104249EFCB06DFA0C895D857FA2EF5A314B088499E5494F171C676E425EF40
                              Function 0743EBF8 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 113bfe73bf356133140ee5399a2dfee148b016a37b26429644e66d03d952adab
                              • Instruction ID: dc52811b958ca8361e57d3bd9ccb51a1217edd2a15998e6dc81dc6118723038e
                              • Opcode Fuzzy Hash: 113bfe73bf356133140ee5399a2dfee148b016a37b26429644e66d03d952adab
                              • Instruction Fuzzy Hash: 10E04FB0A05259EFC700DFB8E545A9DB7B9EB04304F404569E409A3650DB316E54D741
                              Function 07436B88 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 91a84fb967577ce07bb7e4a2ba52890694b02752d89f28193ff1a2b75ee24f52
                              • Instruction ID: 65db9dad96262dd0149995e82b444ef316eaec2a11384883434d9763498dfcff
                              • Opcode Fuzzy Hash: 91a84fb967577ce07bb7e4a2ba52890694b02752d89f28193ff1a2b75ee24f52
                              • Instruction Fuzzy Hash: 12E0177225021DBBCF00AE85DC80DEB7B69EF897A0F00C416FA5856214C272EC62DBE1
                              Function 07439D98 Relevance: .0, Instructions: 19COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8df38f8391dd4e21bc57f536f76cf23f0bee68705ac741ca4d4da5dfc54f971c
                              • Instruction ID: c1f7fbae5c309ed8dcf1c83b764a14058a0fe94185c295de97d17f9356c99a7e
                              • Opcode Fuzzy Hash: 8df38f8391dd4e21bc57f536f76cf23f0bee68705ac741ca4d4da5dfc54f971c
                              • Instruction Fuzzy Hash: 0AE0BF70905209FFC700DFA4E54185DBBB5FB44214B6085A8E805B3754DA3A6E549B51
                              Function 074336A0 Relevance: .0, Instructions: 17COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c272c9aa438dc8bb38fce82b78e0f2d3769406e9ec77e5df4e7935b65a70a047
                              • Instruction ID: f1fc0e8d4b81ff13795a3fd9e7c5650e90e2fc401902b0bfde8a06576825d5c8
                              • Opcode Fuzzy Hash: c272c9aa438dc8bb38fce82b78e0f2d3769406e9ec77e5df4e7935b65a70a047
                              • Instruction Fuzzy Hash: 77E0ECB4901218DFC750DFA8E54969DBBF4AB08301F1041A9D80893350E7309A44CB81
                              Function 074344D0 Relevance: .0, Instructions: 17COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b23100a6c4be4dbfd834b4b6ee4d42363e457dd1f5994b3fc4559b54dfc30f4e
                              • Instruction ID: a6cb6119de78aa1a8c4f3887bcaf56a640986b6b53248e22933c3c24b9949109
                              • Opcode Fuzzy Hash: b23100a6c4be4dbfd834b4b6ee4d42363e457dd1f5994b3fc4559b54dfc30f4e
                              • Instruction Fuzzy Hash: 79E0EC74901209DFDB50DFE8E54969DBBF4AB08311F1081A9E80893350E7309A84CB81
                              Function 07433E78 Relevance: .0, Instructions: 17COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6f9d6f249971823a1ffb5697a0e136bdb41e7a2a2682a2d0f7d6ffb834a96077
                              • Instruction ID: 9fb50eabb92ebb357850d8e22cb25b5a0d37001dac8b783c52afb5ca50926269
                              • Opcode Fuzzy Hash: 6f9d6f249971823a1ffb5697a0e136bdb41e7a2a2682a2d0f7d6ffb834a96077
                              • Instruction Fuzzy Hash: DAE0EC74901209DFC750DFA8E549A9DFBF4AB08311F1081A9D80893350E7309E54CB81
                              Function 07434950 Relevance: .0, Instructions: 17COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4e64ec2afb4cb2e64ed79d3d2c622cc8389b2373b29008e06f0c81aed3478c28
                              • Instruction ID: 76e2467a288ca081c705688369cb5406b97b2ea4103706ebfa9d7e4b199b7cca
                              • Opcode Fuzzy Hash: 4e64ec2afb4cb2e64ed79d3d2c622cc8389b2373b29008e06f0c81aed3478c28
                              • Instruction Fuzzy Hash: B3E0EC74D01208DFD740DFE8E949A9DBBF4AB08311F5041A9E80893350E7309A44CB81
                              Function 0743AAB7 Relevance: .0, Instructions: 14COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3aa050b6a0bb77a16222d93834d98a88b8546fab1e099f1d1cadffac8b1ffc88
                              • Instruction ID: 0e062f379656c85f520aa28b7139a8448380848ab9667a73d6753418efec4c7e
                              • Opcode Fuzzy Hash: 3aa050b6a0bb77a16222d93834d98a88b8546fab1e099f1d1cadffac8b1ffc88
                              • Instruction Fuzzy Hash: 08D09E71405342CFCF199F7595441847FB0FF9632573502DAD0998A1D2D379859BCBA2
                              Function 0743AC50 Relevance: .0, Instructions: 13COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0bbbfab10994b0e91911ee841c37397a146e6a6d3353cad70d1f4a1a10311ab5
                              • Instruction ID: 1af1792112cea93d063f0d74578778bbdb624a93d6f06aa9bcfef7709a480cc9
                              • Opcode Fuzzy Hash: 0bbbfab10994b0e91911ee841c37397a146e6a6d3353cad70d1f4a1a10311ab5
                              • Instruction Fuzzy Hash: 0CC08C2040D3C3CECB02637188200C17FB2AFDA22232880F7C0E0C1016E76804A6CB22
                              Function 07436F3A Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 08105efa56a8fda5b2635dcc3a2343e611cdefe0624c8de5640379066bec84f2
                              • Instruction ID: 31384130b054a8b2a2e8a5adbe30230bed63f2c358218f3129657ae937c739d8
                              • Opcode Fuzzy Hash: 08105efa56a8fda5b2635dcc3a2343e611cdefe0624c8de5640379066bec84f2
                              • Instruction Fuzzy Hash: 67D0C279E14249DBDF10CFD5E4444DCBBB9EB49315F105066E919AB214D6305955CF01
                              Function 0743BE50 Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 65c51be95a0495b8b2148f999d5776f766a4aa4147db34d1d97902c83e6ae7dc
                              • Instruction ID: fd2f27c072cf4cd51a4987601dbe2eecc9017b54d93f200fd2381044c2c566a5
                              • Opcode Fuzzy Hash: 65c51be95a0495b8b2148f999d5776f766a4aa4147db34d1d97902c83e6ae7dc
                              • Instruction Fuzzy Hash: 83B09B6131413513D608319D74106FD728D87C9565F40006B950D877414CC69C4142DF
                              Function 0743AA05 Relevance: .0, Instructions: 11COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 06d5eadf4dc698beb6105d2a7bdc2eec4c00632d8423e6408ac7b67b3997f86f
                              • Instruction ID: 6ed6598cdd22f1961dbb040f4e3d2cbd2ed87a3d8cde5a4ce6176672742853a4
                              • Opcode Fuzzy Hash: 06d5eadf4dc698beb6105d2a7bdc2eec4c00632d8423e6408ac7b67b3997f86f
                              • Instruction Fuzzy Hash: F8D0C7F1E9111ACBEB249F80D5187EE7770BB08304F105516E056A51D0C7780406CFC0
                              Function 07439B00 Relevance: .0, Instructions: 9COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a358d70d7f90f49a70aaf71e6a13ad0a2fd575fc8a3387e02f64a1dc24d5e82b
                              • Instruction ID: 363e455670a9abfa65e7ff26a7126bbfdb176a510a944808abd413b0a52c80c4
                              • Opcode Fuzzy Hash: a358d70d7f90f49a70aaf71e6a13ad0a2fd575fc8a3387e02f64a1dc24d5e82b
                              • Instruction Fuzzy Hash: 07C012F01401008ACF189F1892481557A90FF45314B744A8990698A1D1C771C587D7D1
                              Function 07436B48 Relevance: .0, Instructions: 8COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a1dfb64bc33d59e43ded38004b54b11a63ec8420762f3e0e95e675f6ce242c2c
                              • Instruction ID: ffbee42e2393c04e2de601b8aa8d1998b078d058e45320f6058d4b175fc5a8a5
                              • Opcode Fuzzy Hash: a1dfb64bc33d59e43ded38004b54b11a63ec8420762f3e0e95e675f6ce242c2c
                              • Instruction Fuzzy Hash: 49B012E51F8102F18C0063AC895097EDC10EFFB701F038D17B34D40094853188799517
                              Function 07436FC7 Relevance: .0, Instructions: 5COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f30fc7f618e98ba3b832c1dcdee3bc4fc4bed9402d1d54ffaccaae427af20ebb
                              • Instruction ID: 96ea202cb5523d6fcf3a390f83bb5df41d61389d6dc55a6f4fd3eacab13bd1d6
                              • Opcode Fuzzy Hash: f30fc7f618e98ba3b832c1dcdee3bc4fc4bed9402d1d54ffaccaae427af20ebb
                              • Instruction Fuzzy Hash: DDA022BE000200F00800A2B0C802EFABA002BFAB00B00800BB38C008008A3200B0EA33

                              Non-executed Functions

                              Function 0743E2A9 Relevance: .3, Instructions: 269COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: aebcf2a511b3c47a25de9254c6cad103e73b3c1dc02df23c7485b44346b7ea3b
                              • Instruction ID: e70e9beee715043635a37a26a23d550ccfd260ebb10d24cd7268cad9e975899d
                              • Opcode Fuzzy Hash: aebcf2a511b3c47a25de9254c6cad103e73b3c1dc02df23c7485b44346b7ea3b
                              • Instruction Fuzzy Hash: 0CC1B174E01218CFDB58DFA9D890A9EBBB2FF89300F1085AAD419AB354DB345D86CF41
                              Function 0743E2B8 Relevance: .3, Instructions: 257COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000004.00000002.2143967007.0000000007430000.00000040.00000800.00020000.00000000.sdmp, Offset: 07430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_7430000_aspnet_compiler.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8a64ff258c06024a944161837a03ccfbddd439d217fe781be8968bc1dcd992bf
                              • Instruction ID: 1ca2e56c89f5c124f5948e079e3665af2b904b868e40cd46b90763440e55e84d
                              • Opcode Fuzzy Hash: 8a64ff258c06024a944161837a03ccfbddd439d217fe781be8968bc1dcd992bf
                              • Instruction Fuzzy Hash: 75C1A174E01218CFDB58DFA9D890A9EBBB2FF89300F1085AAD419AB354DB355D86CF41